An ACID created with PASS(xxxxxx,,EXP) is able to sign on for the first time over a year after being created. INACTIVE(30) is set in the Top Secret parameter file.

It doesn't matter in this scenario what the INACTIVE parameter is set to. The counter does not start until the ACID signs on and becomes active and the password expires. After signing on and changing the password, the ACID would then have to be inactive for 30 days after the password has expired. At this point, access will be denied and the ACID will become suspended.

Also note that an ACID does not become suspended until a sign on is attempted. There must be a check against the ACID to determine that it has been inactive for too long.