The Top Secret TSSUTIL report shows the following violations for z/OSMF at startup:

ACCESSOR JOBNAME  FFM VC PROGRAM  R-ACCESS A-ACCESS SRC/DRC SEC RESOURCE (TYPE & NAME)       
-------- -------- --- -- -------- -------- -------- ------- --- ---------------------------- 
IZUSVR   IZUSVR1  S F                               *08*-04 USS ? CHECK_PROC_OWNER           
IZUSVR   IZUSVR1  S F                               *08*-30 USS ? R_DATALIB
IZUSVR   IZUSVR1  S F                               *08*-30 USS ? R_DATALIB
IZUSVR   IZUSVR1  S F                               *08*-2C USS ? R_DATALIB
IZUSVR   IZUSVR1  S F                               *08*-30 USS ? R_DATALIB
IZUSVR   IZUSVR1  S F                               *08*-30 USS ? R_DATALIB
IZUSVR   IZUSVR1  S F                               *08*-2C USS ? R_DATALIB

Release : 16.0

Component : CA Top Secret for z/OS

OMVS uses non-zero return codes to force another event to happen.  None of the below non-zero return codes are violations.
 

USS return code meanings:

The *08*-30 for R_DATALIB calls are usually normal. An application was trying to determine a certificate size. So an R_datalib call with a certificate size of zero was issued. This will cause the certificate size to be passed back on the call and the  entry you see in the TSSUTIL to be written.

The 08-2C on the R_DATALIB call means that there are no more certificates. This is perfectly normal. If there are 5 certificates, each time there will be a data getnext call, which will get rc=0, till the last one, which gets the 8/8:44 (44 is x’2’) because there are no more certificates.

*08*-04 with CHECK_PROC_OWNER, CHECK_PROC_OWNER checks to see if the calling process is the owner of a process being called.  If it is the owner then it will treat it a a superuser.  In this case the caller is not the owner and the *08*-04 is returned.  It is not a violation. It is just a check to determine if the called should have superuser authority.