Overview#An External Security Manager is a computing term that refers to an application outside the operating system that provides a layer of security to various system artifacts. The term is typically seen when referring to security products on IBM z/OS platforms. An example is the RACF security package. 
On z/OS there are three primary External Security Managers (ESM)
- RACF - Short for Resource Access Control Facility, is an IBM software product. It is a security system that provides access control and auditing functionality for the z/OS and z/VM operating systems. RACF was introduced in 1976
- Top Secret - Computer Associates
- ACF2 (Access Control Facility) is a commercial, discretionary access control software security system developed for the MVS (z/OS), VSE (z/VSE) and VM (z/VM) IBM mainframe operating systems Computer Associates now (2012) markets ACF2 as CA ACF2
In 1987, acquisitions made Computer Associates the largest independent vendor of mainframe infrastructure software and dominant vendor of OS/MVS security software with CA-Top Secret (#2 market share) and CA-ACF2 (#1 market share). IBM's RACF product held the #3 market share position. I really have no idea where market share of these products are today.
More Information#There might be more information for this subject on one of the following:
[#1] - http://en.wikipedia.org/wiki/External_Security_Manager retrieved 2012-10-15