I would recommend starting by downloading the DoD z/OS STIG for TSS at: http://iasecontent.disa.mil/stigs/zip/U_zOS_TSS_V6R32_STIG.zip
I don't believe the scripts are available to the public, however there are a couple companies who are starting to provide Validation Scripts/software as a service of their company.
I am not associated with any of the following, however first two listed companies indicate they have z/OS Vulnerability tools/software based upon the DoD z/OS STIG for CA-TSS:
XlentSoftware.com https://xlentsoftware.com/vulnerability-scans/
IBM z/Secure Audit for TSS http://www-03.ibm.com/software/products/da/zsecure-audit-topsecret
CA - ?? unknown if CA is or is not working on solution.
You may want to inquire with each vendor for a list of STIG Checks that their products validate for your particular Security Software as part of your review of potential solutions.
And yes, I have many years (Over 15+) of hands on experience in implementing z/OS STIG controls for CA-Top Secret managed Mainframes, installing CA-Top Secret software, configuring CA-Top Secret and more.
Semper Fi
Steve Hosie, CISSP-ISSAP, CISM, CRISC, CISA, CGEIT, NSA-IAM, ITIL, CSM
CyberSecurity.Services