You can configure AT-TLS to support FIPS 140-2. Specify On for the FIPS140 statement of the TTLSGroupAction statement.
For information about configuring System SSL to run in FIPS 140-2 mode, see the System SSL and FIPS 140-2 topic in z/OS Cryptographic Services System SSL Programming.
If the RACF® CSFSERV class is defined, the user ID associated with the TCP/IP stack and any application user ID that is using the TTLSGroup must be given READ access to the CSFRNG resource within the CSFSERV class. If the CSFSERV class is defined and Diffie-Hellman is being used, the application user ID must be given READ access to the CSF1TRC, CSF1DVK, CSF1GKP, CSF1GSK, CSF1GAV, and CSF1TRD resources within the CSFSERV class.