In the Top Secret documentation, it lists which started tasks should have ACIDs defined to them. However, it does not specify what type of access is needed for these tasks. Particularly VLF, XCFAS, and IEEVMPCR. How should these ACIDs be defined? Also, how do you start a started task in WARN mode?

VLF and XCFAS are system address spaces. These should be defined to the STC table in Top Secret with ACID(BYPASS). 

IEEVMPCR should be defined to the STC table in Top Secret with a region acid. Here are example Top Secret commands:

TSS CRE(IEEVMPCR) TYPE(USER) NAME(‘IEEVMPCR USER’) PASS(xxxx,0) DEPT(dept) 
TSS ADD(IEEVMPCR) FAC(STC) 
TSS ADD(IEEVMPCR) UID(0) HOME(/) DFLTGRP(group) GROUP(group) PROGRAM(/bin/sh) 

Where: 
‘dept’ is the type DEPT acid you want to own the IEEVMPCR user acid 

‘group’ is an OMVS group that the IEEVMPCR acid should have as a GROUP and DFLTGRP 

‘xxxx’ is a password. We recommend that all started task (STC) acids be given a password and OPTIONS(4) be set in the Top Secret parameter file. OPTIONS(4) will eliminate the prompt for a password when the STC starts, but if someone tries to signon with the STC acid, he will need to know the password. 

NOTE: The acid does not have to be called IEEVMPCR. It can be something different. 

- To add it to the STC table in Top Secret: 

TSS ADD(STC) PROCNAME(IEEVMPCR) ACID(IEEVMPCR) 

- While implementing this change, consider starting with this acid in WARN mode: 

TSS PER(IEEVMPCR) MODE(WARN) 

After bringing up IEEVMPCR, run TSSUTIL with the following to see if there are any violations for this acid: 

REPORT EVENT(VIOL) ACID(IEEVMPCR) LONG END 

If there are violations, permit the appropriate resources with the required access levels, then revoke the MODE permit: 

TSS REV(IEEVMPCR) MODE(WARN)