Customer Information Control System (CICS) users get revoked at CICS signon when netname matches the user's TSS ACID.

• This netname is assigned by the TPX ACB exit. 
• Transactions which run before a successful signon may lead to TSS violations against the ACID with reason code DF (‘signon for ACID requires a phrase’).
• Multiple violations can cause suspension of the ACID.

• Release : 16.0
• Component : Top Secret for z/OS

ATS (Automatic Terminal Signon) is a Top Secret CICS feature used for printers, ATMS, and other devices.

If a security check occurs on a terminal where there is no user signed on, TSS will search for an ACID that matches the terminal id. So, if a regular user's ACIDs coincidentally matches a terminal id, it will be signed by signed on to the CICS terminal by Top Secret.

Three choices are available to resolve this issue:

• If an ACID should not get signed on by ATS, add the NOATS attribute to the user. For example: TSS ADD(T123456) NOATS
• Change the ACID to a value that does not match the terminal id.
• Change the naming conventions for terminals so that no terminal name can match regular user ACIDs.

NOTE  there really is no way to tell if ATS was used to sign on aside from observing the match between terminals and ACIDs.

It appears the netname is being checked against the TSS Secfile, to see if it is defined there as an ACID, as part of the Automatic Terminal Signon Procedure.