I have done some security assessments against zOS using RACF, as long as RACF has been implemented properly its damn good. What specific questions do you have? just the general security overall?
Just security in general - as I stay on over time, more people will learn I'm an IT Auditor - so I may have a plethora of questions over time - some may be like this - a solid technology that maybe not too many people have experience with - or the one-off technologies. For this discussion, I am curious about general security overall - simply to help broaden my mainframe experience - which at this point is nill and I want to make sure I ask at least somewhat intelligible questions when I interview our auditees.

a) Most of MF security admins are SO especialist that cant use anything else but Mainframes. b) MF security use to be discussed on closed forums. Just among MF guys. You cant see MF discussions about networking or databases either. Its a priviledge forum
That's ok - I don't want to be privileged - it complicates things for me. I will just ask my questions and see if any MF experts wish to chime in - like you! No - seriously - I haven't run into many MF people - so finding a couple out here is great!

Thanks for all the great information so far - it's helping me out!