Question:

 Why is the CA Top Secret Module TSSSFS is running with the JSCBPASS bit set on?

Answer:

CA Top Secret is setting the bit in its own address space to insure it can successfully open all of its own data sets (security file, audit file, recovery file, ...) without authorization problems.

As the ESM we have no user logged on to the STC at startup so there is no way to provide any necessary authorizations via a security profile until the files are accessible. This only occurs in the TSS address space, the program that sets that bit is never used anywhere else.