new SITPARM called XPTKT.
This new option by default is set to YES -
Release : 16.0
Component : CA Top Secret for z/OS
You would want the default of XPTKT=YES. In this case as the IBM doc. states a security call for the signed on
user will be driven for PTKTDATA(IRRPTAUTH.applid.
If the SIT XPTKT=NO, then the same security call will issued under the CTS region control acid and if that acid has bypass
attributes such as NORESCHK, then for example anyone can generate a passticket for any application.