This parameter designates that only one ruleset can contain SEC rules, so that it can then be further protected by your external security package, where you can thereby limit access to users who can create/delete/define rules.
As per the manual:
This parameter defines the rule set name of the library from which security rules can be activated. When you set this parameter, the specified library becomes the only library from which you can activate security rules, preventing unauthorized users from using another rule set to override the security rule that your data center has implemented.
For more information on security rules, see Security Rules.
* Default value
* Other possible values
The name of any security rule set
* Set or modify this parameter...
This function defines SYSSECUR as the security rule set to activate.