We currently dont have any tech doc the encompasses both activating AES256 encryption AND changing the MSCA password at the same time.
You have two places where you can change the MSCA password.
1. When running TSSMAINT to format a new security file.
2. Using an SCA to change the MSCA passoword.
If you are formatting a new security file to allow AES256 encryption, you can change the password when running TSSMAINT job to format the file.
If you already have AES256 support for your security file, you can use an SCA to change the MSCA password. This can be done at any time.