As mentioned previously, the TCB contains a bit that indicates if the current environment is trusted to open a program accessed data set (PADS) or not. This bit, the TCBNCTL, is turned on by RACF® when an unprotected and "untrusted" program is loaded into the environment.

The TCB dirty bit can also be turned on by TSO/E itself. If this is the case, none of the RACF traces will catch this. If you issue TSOEXEC pgm_name, which called IRXINIT to create a REXX environment, TSO/E would mark the TCBs on the parallel side "dirty", if the job-step TCB is "dirty". If there are any stack-related commands in the REXX exec, TSO/E checks the job-step TCB and marks the parallel side dirty if the job-step dirty bit is on. Examples of stack-related commands are: PUSH, PULL, QUEUE, MAKEBUF.

Even though TSOEXEC creates a "clean" parallel side in a TSOE address space, TSOE can mark the parallel side "dirty" if the REXX exec is being used and depending on what REXX is doing.