The ICSF CHECKAUTH parameter controls whether or not RACROUTE security calls are made for callers that are supervisor state or are running in a system key (key 0 - 7). Typically, programs running in supervisor state or in a system key would be considered authorized and would not need any extra authentication. ICSF parameter setting of CHECKAUTH(YES) will turn on the needed SAF calls.
The CSFPRMxx member of SYS1.PARMLIB contains the ICSF startup parameters including the CHECKAUTH parameter. Note that with CHECKAUTH(NO), accesses to the ICSF services are not logged in SMF records for callers that are in supervisor state or in a system key.