The ACF2/CICS parameter deck has this option:

SUSPEND   Password=YES|NO 

Specifies if users are suspended during sign-on if the password violation count reaches the established threshold.

– YES-Indicates that the user is considered suspended during sign-on if the password violation count reaches the threshold established by the PASSLMT field of the host CA ACF2 system GSO PSWD record. Also, the user is considered suspended if the number of password violations accumulated in the current session count reaches the threshold established by the lower of the CICS interface OPTION MAXVIO parameter or the GSO PSWD record PASSLMT field. This happens only during password reverification. The current session count is set to zero after the sign-on has been completed. This information is not sent back to CA ACF2 when sign-off is performed. Also, CA ACF2 sets the SUSPEND field in the logonid record.

– NO-Specifies that suspension does not occur for password errors.

In ACF2/CICS, I have SUSPEND=NO, but no password statistics are being updated.  Why?

With SUSPEND=NO, ACF2 will not suspend the user in the CICS region, so ACF2 does not want to update the statistics either.  At the signon screen, a user can attempt aa many passwords as they wish with no bad side effects.  If the user is at a IDLE password re-verification prompt, their session will be canceled when bad password attempts reach the MAXTRY value in the GSO record.  For these reasons, CA Technologies recommends that you use SUSPEND PASSWORD=YES.