The National Institute of Standards and Technology (NIST), the US federal technology agency that works with industry to develop and apply technology, has published the Federal Information Processing Standard #140-2 (FIPS 140-2) Security Requirements for Cryptographic Modules that can be required by organizations who specify that cryptographic-based security systems are to be used to provide protection for sensitive or valuable data.
The z/OS PKCS #11 services are designed to meet FIPS 140-2 Level 1 criteria and can be configured to operate in compliance with FIPS 140-2 specifications. Applications that need to comply with the FIPS 140-2 standard can therefore use the z/OS PKCS #11 services in a way that allows only the cryptographic algorithms (including key sizes) approved by the standard and restricts access to the algorithms that are not approved.
For more information on using the PKCS #11 services, refer to the z/OS Cryptographic Services ICSF Writing PKCS #11 Applications and the z/OS Cryptographic Services ICSF System Programmer's Guide.