Changes to the EXEC CICS VERIFY PASSWORD and EXEC CICS VERIFY PHRASE commands

When you specify the new SECVFYFREQ system initialization parameter for the CICS® region, CICS ensures that users who log on to CICS by a method that uses password verification, including the EXEC CICS VERIFY PASSWORD or EXEC CICS VERIFY PHRASE command, still have their records updated in RACF® at least once a day.

If you specify the system initialization parameter SECVFYFREQ=USRDELAY for the CICS region, CICS enforces a full verification request at least once a day for each user ID that is used to log on to the CICS region. The full verification request using the RACROUTE REQUEST=VERIFYX macro makes RACF record the date and time of last access for the user ID, and write user statistics. The behavior of your applications is the same whether or not you specify the SECVFYFREQ system initialization parameter. CICS checks the user ID at user login and replaces the password verification request with a full verification request when necessary.

Because the full verification request has a higher processor cost and response time than password verification, you might notice a slight performance impact when you specify the SECVFYFREQ system initialization parameter. The extent of the performance impact depends on your setting for the USRDELAY system initialization parameter for the CICS region. When you specify SECVFYFREQ, CICS makes a full verification request for a user ID when the user logs on after the USRDELAY interval has expired. CICS also applies a maximum limit of one day between full verification requests at user login. If your USRDELAY parameter is set to less than 1440 minutes (1 day), a full verification request takes place at user login more frequently than once a day.