When using a IBM product called IDZ  IBM Development Tool for z/OS  and when the user just does a connect and logon the security admin noticed that the ACC-CNT count jumps by 20+.  What updates the ACC-CNT field of a logonid?

Release : 16.0

Component : CA ACF2 for z/OS

ACF2 updates the ACC-CNT field any time a system entry validation is done. To verify how the logonid is being used, add the logonid MON-LOG bit field to the user logonid in question, have the user connect and logon and then run the ACFRPTPW report to see the jobname, submitter, source and program that drove the system entry validation for that logonid. 

To turn on the MON-LOG bit field from TSO, ACF:

ACF
CHANGE logonid MON-LOG

Sample ACFRPTPW report JCL:

//REPORT  EXEC PGM=ACFRPTPW                     
//SYSPRINT DD SYSOUT=*                          
//RECMAN1  DD DISP=SHR,DSN=SYS1.MAN1            
//RECMAN2  DD DISP=SHR,DSN=SYS1.MAN2            
//RECMAN3  DD DISP=SHR,DSN=SYS1.MAN3            
//SYSIN    DD *                                 
TITLE(ACFRPTPW)                                 
/*