ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

ACIDs that match NETNAME suspended at CICS signon after reason code "DF" violations


Article ID: 223190


Updated On:


Top Secret


Customer Information Control System (CICS) users get revoked at CICS signon when netname matches the user's TSS ACID.

  • This netname is assigned by the TPX ACB exit. 
  • Transactions which run before a successful signon may lead to TSS violations against the ACID with reason code DF (‘signon for ACID requires a phrase’).
  • Multiple violations can cause suspension of the ACID. 



ATS (Automatic Termimal Signon) is a Top Secret CICS feature used for printers, ATMS, and other devices.

If a security check occurs on a terminal where there is no user signed on, TSS will search for an ACID that matches the terminal id. So, if a regular user's ACIDs coincidentally matches a terminal id, it will be signed by signed on to the CICS terminal by Top Secret.


Release : 16.0

Component : CA Top Secret for z/OS


Three choices are availble to resolve this issue:

  • If an ACID should not get signed on by ATS, add the NOATS attribute to the user. For example: TSS ADD(T123456) NOATS
  • Change the ACID to a value that does not match the terminal id.
  • Change the naming conventions for terminals so that no terminal name can match regular user ACIDs.

NOTE  there really is no way to tell if ATS was used to sign on aside from observing the match between terminals and ACIDs.


Additional Information

It appears the netname is being checked against the TSS Secfile, to see if it is defined there as an ACID, as part of the Automatic Terminal Signon Procedure: