When executing in FIPS mode, System SSL supports the generation of random bytes. System SSL generates random bytes by using ICSF's CSFPPRF callable service. In order for System SSL to call this service, ICSF must be available before System SSL's run time that is being initialized by the application. If access to the CSFPPRF callable service is protected by a CSFSERV class profile, the application's user ID must be authorized to use the service. For more information about the CSFSERV resource class, see RACF CSFSERV resource requirements.