z/OS Cryptographic Services - ICSF Best Practices
Project and Program:
Enterprise Data Center,
Security and Compliance
Tags:
Proceedings,
2014,
SHARE in Pittsburgh 2014
This presentation covers IBM recommendations for Cryptographic Administrators and System programmers. Recommendations include the use of cryptographic coprocessors and master keys for protecting cryptographic key material. Access control to ICSF services and key material should be protected using the CSFSERV, CSFKEYS, and CRYPTOZ SAF classes. IBM also recommends setting up ICSF key store policy rules using the XFACILIT SAF class for how encrypted key tokens stored in the CKDS and PKDS can be accessed and used. Additionally this presentation will discuss various settings in the ICSF options data set and how they affect both security and performance.-Steve Hart-IBM Corporation
Back to Proceedings File Library