Release :

Component : CA Top Secret for z/OS

There is a LOG=NONE setting on a RACROUTE security call. RACROUTE is what z/OS or application uses to talk to Top Secret to see if a user is authorized for a resource. 

LOG=NONE on a RACROUTE security call tell CA Top Secret not to log the violations to audit and not put out any messages when a users causes a security violation.

CEM has functionality to report on violations that occurred with LOG=NONE. TSSUTIL will not report on violations with LOG=NONE. 

This is why there is discrepency between the CEM report and the TSSUTIL reports. This not a bug. Just how CEM works.