Can you have Passphases and passwords both set in the Top Secret parameter file?

Yes. With password and passphrase you can use either. If the user types in the correct password, the user will get logged on. 

Passphrase (NEWPHRASE) is a different field than the Password (NEWPW). This means users may have both a password and a pass phrase. 

- If both a password and a pass phrase are supplied, the pass phrase will take precedence. 
- If there is a single signon attempt that specifies both a password and a passphrase, only the pass phrase will be checked. 

Passwords and passphrases have their own expiration and are independent of each other. If the user exceeds the violation threshold for either password or passphrases, the user will be suspended. The user will need to be unsuspended first in order for the ACID to be used. It doesn’t matter it they were suspended when using a passphrase or password. 

Requiring a user to enter only a PASSWORD or PASSPHRASE in order to sign on would be done on the application side, not the Top Secret side.

In your Control Options setting you could have for example: 

TSS9661I CA Top Secret PHRASE Status 
NEWPHRASE(MIN=09,MAX=100,WARN=03,MINDAYS=00,SC=00,MA=00,MN=00) 
PSWDPHRASE(OFF) NPPTHRESH(02) 
PPEXP(030) PPHIST(03) 

TSS9661I CA Top Secret PASSWORD Status 
NEWPW(MIN=05,MAX=008,WARN=03,MINDAYS=01,ID,TS,RS,MC) 
HPBPW(002) MSUSPEND(NO) NPWRTHRESH(2) 
PWEXP(030) PWHIST(01) PTHRESH(005)