Determining if a dataset has been encrypted

Technote (FAQ)


Question

Is it possible, using zSecure Audit, to report on those data sets that have had their contents encrypted?

Cause

Rising concern and audit findings related to documenting (and proving) a dataset (or list of datasets) have had their contents encrypted.

Answer

As of zSecure 1.9, there are two CARLa fields within SMF reporting that may be used for this purpose:

KEY_LABEL
This repeated field contains the key label(s) associated with the event described by the SMF record. It is filled for record type 14 with the label(s) identifying the encryption key used to encrypt the data that was written to tape. For RACF processing records (type 80 and 83, subtype 1), this contains the PKDS key label from relocate section 398. This field can contain up to 64 bytes of text, and is by default shown with that length.

KEY_LABEL_ENCODING
This repeated field contains the encoding for key label(s) associated with the event described by the SMF record. It is filled for record type 14 with either H or L, indicating Hash or Label encoding.

Cross reference information
Segment Product Component Platform Version Edition
Security IBM Security zSecure Audit for ACF2 -- z/OS 1.13.0, 1.13.1, 1.12, 2.1, 1.11 Enterprise
Security IBM Security zSecure Audit for Top Secret -- z/OS 1.13.0, 1.13.1, 1.12, 2.1, 1.11 All Editions

Rate this page:

(0 users)Average rating

Add comments

Document information


More support for:

IBM Security zSecure Audit for RACF

Software version:

1.11, 1.12, 1.13.0, 1.13.1, 2.1

Operating system(s):

z/OS

Software edition:

Enterprise

Reference #:

1384777

Modified date:

2014-07-16

Translate my page

Machine Translation

Content navigation