Book description
Abstract
This IBM® Redbooks® publication provides a broad explanation of data protection through encryption and IBM Z® pervasive encryption with a focus on IBM z/OS® data set encryption. It describes how the various hardware and software components interact in a z/OS data set encryption environment.
In addition, this book concentrates on the planning and preparing of the environment and offers implementation, configuration, and operational examples that can be used in z/OS data set encryption environments.
This publication is intended for IT architects, system programmers, and security administrators who plan for, deploy, and manage security on the Z platform. The reader is expected to have a basic understanding of IBM Z security concepts.
Table of contents
- Front cover
- Notices
- Preface
- Chapter 1. Protecting data in today’s IT environment
- Chapter 2. Identifying components and release levels
- 2.1 Starting a z/OS data set encryption implementation
- 2.2 Required and optional hardware features
- 2.3 Required and optional software features
- 2.3.1 IBM z/OS DFSMS
- 2.3.2 IBM z/OS Integrated Cryptographic Service Facility
- 2.3.3 IBM System Authorization Facility
- 2.3.4 IBM Resource Access Control Facility for z/OS
- 2.3.5 IBM Multi-Factor Authentication for z/OS
- 2.3.6 IBM Security zSecure Suite
- 2.3.7 IBM Security QRadar
- 2.3.8 IBM zBNA and zCP3000
- 2.4 Cost and performance effect
- Chapter 3. Planning for z/OS data set encryption
- 3.1 Creating an implementation plan
- 3.2 Data set administration considerations
- 3.3 Resource authorization considerations
- 3.4 ICSF administration considerations
- 3.5 Key management considerations
- 3.5.1 Understanding key management
- 3.5.2 Reviewing industry regulations
- 3.5.3 Choosing key algorithms and lengths
- 3.5.4 Determining key security
- 3.5.5 Choosing key officers
- 3.5.6 Using protected keys for high-speed encryption
- 3.5.7 Creating a key label naming convention
- 3.5.8 Deciding whether to archive or delete keys
- 3.5.9 Defining key rotation
- 3.5.10 Establishing cryptoperiods
- 3.5.11 Establishing a process for handling compromised operational keys
- 3.5.12 Establishing a process for handling compromised master keys
- 3.5.13 Choosing key management tools
- 3.5.14 Determining key availability needs
- 3.5.15 Creating backups of keys
- 3.5.16 Planning for disaster recovery
- 3.6 General considerations
- Chapter 4. Preparing for z/OS data set encryption
- Chapter 5. Deploying z/OS data set encryption
- 5.1 Readiness checklists for deployment
- 5.2 Deploying z/OS data set encryption
- 5.3 Generating a secure 256-bit AES DATA key
- 5.4 Protecting data sets with secure keys
- 5.5 Encrypting a data set with a secure key
- 5.6 Verifying that the data set is encrypted
- 5.7 Granting access to encrypted data sets
- 5.8 Accessing encrypted data sets
- 5.9 Viewing the encrypted text
- Chapter 6. Auditing z/OS data set encryption
- 6.1 Auditing encrypted sequential data sets
- 6.2 Auditing encrypted VSAM data sets
- 6.3 Auditing crypto hardware activity
- 6.4 Auditing security authorization attempts
- 6.5 Auditing crypto engine, service, and algorithm usage
- 6.6 Auditing key lifecycle transitions
- 6.7 Auditing key usage operations
- 6.8 Formatting SMF Type 82 records
- Chapter 7. Maintaining encrypted data sets
- Chapter 8. Maintaining the ICSF environment
- Chapter 9. Maintaining data set encryption keys
- Appendix A. Troubleshooting
- Related publications
- Back cover
Product information
- Title: Getting Started with z/OS Data Set Encryption
- Author(s):
- Release date: June 2018
- Publisher(s): IBM Redbooks
- ISBN: 9780738456874