What TAATOOL are you using? Does it use the QSYGETPH API? Have you checked the audit journal? You may be able to find more information there.
It’s a normal message for many high-security products or functions, but it would usually be consumed internally. Where do you see the message? Only in the audit report or somewhere else?
If it appears in a job log or message queue, then display help for the message and check message details. That should tell you what job creates the message and what program is doing it. You ought to know if the program is supposed to be capable of generating handles for QSECOFR.
A QSECOFR handle would normally be generated only by IBM or a 3rd-party product. An in-house function <i>should</i> know enough to generate the handle for a different *SECOFR profile. Still, “pages of the message” seems excessive. Only one should be needed for any given function.