Top Secret r16.0 and Top Secret r15.0 Shared Security File

Document ID : KB000031405
Last Modified Date : 29/08/2018
Show Technical Document Details
Can a CA Top Secret r16.0 system share security files (BDAM and VSAM) with a CA Top Secret r15.0 system or be backed out from r16.0 to r15.0 using the same security files?

You may come up with CA Top Secret r16.0 on one side of a shared security file with CA Top Secret r15.0 without issues.  There is no need to reformat a security file simply to test base CA Top Secret r16.0.  You can also reformat a CA Top Secret security file under r16.0 and share with an r15.0 system as long as you do not turn on any features within r16.0 that will cause security file structure changes. 

The current CA Top Secret r16.0 features that would alter the security file format and, therefore, disallow sharing are: 

Increased ACID Size Limit (MAXACIDSIZE)

An increased ACID size limit is now available. When creating a security file, you can assign a maximum value of 1024 for the optional MAXACIDSIZE parameter.

Control Option for Storing Facility Matrix Entries on the Security File

A new control option (FACSTOR) lets you store facility matrix entries on the security file (instead of the parameter file). When you specify FACSTOR(YES), entries are hardened to the security file after the product is restarted. Any changes to the entries are automatically stored on the security file (and logged to the recovery file). (This will not actually be a problem when sharing with r15.0, but the facility parameters will still need to be maintained on r15.0 separately.)

Support for 256-Bit AES Encryption of Passwords/Password Phrases

CA Top Secret now supports 256-bit AES encryption of passwords and password phrases.


  • A security file that has 256-bit AES encryption enabled cannot be shared with CA Top Secret r15 (and earlier) systems. If you want 256-bit AES encryption while sharing the file, ensure that all shared systems are at least Version 16.

As each new feature is released it will be stated whether or not that feature will be available on in a shared environment with r15.0