You can control whether an application can access a TCP/IP stack before the required policies have been installed, during the period of time after the stack is active but before Application Transparent Transport Layer Security (AT-TLS) has been initiated from policy. Access checking is performed only if you have configured AT-TLS in the initial PROFILE.TCPIP configuration data set. If AT-TLS is configured, you can control whether an application can access the TCP/IP stack before the required policies have been installed by defining the EZB.INITSTACK.sysname.tcpname resource profile in the SERVAUTH class. During the period of time after the stack is active and before AT-TLS has been initiated from policy, all socket requests are blocked if this resource profile is not defined. If this resource profile is defined, access to the stack is permitted only to user IDs that have READ access to the resource. Checking ceases the first time that the Policy Agent processing of the AT-TLS policy is completed, or when a profile change deactivates AT-TLS.