Customer Information Control System (CICS) users get revoked at CICS signon when netname matches the user's TSS ACID.
ATS (Automatic Termimal Signon) is a Top Secret CICS feature used for printers, ATMS, and other devices.
If a security check occurs on a terminal where there is no user signed on, TSS will search for an ACID that matches the terminal id. So, if a regular user's ACIDs coincidentally matches a terminal id, it will be signed by signed on to the CICS terminal by Top Secret.
Release : 16.0
Component : CA Top Secret for z/OS
Three choices are availble to resolve this issue:
NOTE there really is no way to tell if ATS was used to sign on aside from observing the match between terminals and ACIDs.
It appears the netname is being checked against the TSS Secfile, to see if it is defined there as an ACID, as part of the Automatic Terminal Signon Procedure: