The ACF2/CICS documentation section Transaction Security describes the following related to ACF2 CICS transaction validation:

 

CICS recognizes two types of transaction access: XTRAN and XPCT. When a transaction begins execution, or is attached in CICS terminology, CICS performs an XTRAN validation check. When any other type of transaction access is made, such as through an EXEC CICS INQUIRE, SET, or START command, CICS instead performs an XPCT validation check.

 

The CICS interface lets you protect both types of transaction accesses via a single entity, or it lets you protect them independently of one another. The TRANS CICSKEY resource activates both the XTRAN and XPCT levels of transaction checking. The XPCT CICSKEY resource activates only the XPCT level of checking and is mutually exclusive with the TRANS CICSKEY resource. The XTRAN CICSKEY resource activates only the XTRAN level of checking and is also mutually exclusive with the TRANS CICSKEY resource.

 

If you are running the CICSPLEX/SM (CPSM) product and you want to run with security active in a CICS Managed Address Space (CMAS) region, CPSM will not allow you to activate the XPCT level of transaction checking. In such an environment you would want to activate only the XTRAN CICSKEY resource.

 

If you are using the XPCT or XTRAN CICSKEY resources to secure transaction accesses, you must supply a set of SAFE and PROTECT lists for each resource type. This might be a migration concern if you currently use the TRANS CICSKEY resource to protect transaction accesses.