After applying IBM apar OA60485 there is a difference in the way Pervasive Encryption is working on TOP Secret systems.   
Datasets that should not be encrypted are now being encrypted.                                    

Example before OA60485:

IGD17156I PKPM.CHD6674.R9351.R0000.RPT08.PASS.G0001V00, KEY LABEL IS IGNORED
BECAUSE DATA SET TYPE IS NOT SUPPORTED FOR ENCRYPTION. ALLOCATION CONTINUES
IGD101I SMS ALLOCATED TO DDNAME (REPORT08)
DSN (PKPM.CHD6674.R9351.R0000.RPT08.PASS.G0001V00)
STORCLAS (CATCYCLE) MGMTCLAS (PRD6W) DATACLAS (PSMED)
VOL SER NOS= BST612

Example after OA60485:

.IGD17150I DATA SET PKPM.CHD6674.R9351.R0000.RPT08.PASS.G0001V00 IS
.ELIGIBLE FOR ACCESS METHOD ENCRYPTION. KEY LABEL IS
.(NPE.MCYCLE.USA.00002)
.IGD101I SMS ALLOCATED TO DDNAME (REPORT08)
. DSN (PKPM.CHD6674.R9351.R0000.RPT08.PASS.G0001V00)
. STORCLAS (CATCYCLE) MGMTCLAS (PRD6W) DATACLAS (PSMED)
. VOL SER NOS= RSX196

Release : 16.0

Component : Top Secret for z/OS

 When setting up Pervasive Encryption the following permits were needed to be in place. 

XA IBMFAC  = STGADMIN.SMS.ALLOW.DATASET.SEQ.ENCRYPT  ACCESS  = NONE                                                              
XA IBMFAC  = STGADMIN.SMS.ALLOW.PDSE.ENCRYPT  ACCESS  = NONE          

With IBM apar OA60485 applied the permits are no longer necessary and need to be removed. 
No additional TSS maintenance is required.