CA XCOM Data Transport will make use of ICSF when performing SSL transfers only.
You will definitely need to provide/permit/define access to the "CSFSERV" resource class to the following:
1) The accessor ID associated with the CA XCOM address space ; and
2) Any accessor ID initiating a CA XCOM file transfer request
When IBM System SSL is configured for SSL transfers, you will need to determine what ciphers you will be using and based on that you will reference/follow the IBM documentation to determine which of the ICSF resources defined will need to be permitted for the XCOM ID's
If using OpenSSL, CA XCOM uses the ICSF CSNBSYE/CSNBSYD encryption functions.