Auditing bind-time security

If security is active (SEC=YES is specified in the system initialization parameters), CICS performs bind security auditing. The following conditions are considered bind failures, and cause RACF to write an SMF record, and to issue a message:
The following conditions are considered bind successes, and cause RACF to write an SMF record, but not to issue a message:
An SMF record is written if either of the following is true: Two things happen when an SMF audit record is written:
These audit records can be extracted from SMF and listed using the following sample RACF Report Writer control statements:
//RACFRW EXEC PGM=IKJEFT01
//SORTWKxx DD your sort files
//SYSPRINT DD SYSOUT=*
//SYSTPRT DD SYSOUT=*
//RSMFIN DD DSN=your smf dumped data, DISP=SHR
//SYSTIN DD *
 
RACFRW TITLE('Bind Security Reports') GENSUM
SELECT PROCESS
EVENT APPCLU
LIST SORT(DATE,TIME)
END
 
//

The RACF Report Writer is described in the z/OS Security Server RACF Auditor's Guide.