Determining if a dataset has been encrypted
Is it possible, using zSecure Audit, to report on those data sets that have had their contents encrypted?
Rising concern and audit findings related to documenting (and proving) a dataset (or list of datasets) have had their contents encrypted.
As of zSecure 1.9, there are two CARLa fields within SMF reporting that may be used for this purpose:
This repeated field contains the key label(s) associated with the event described by the SMF record. It is filled for record type 14 with the label(s) identifying the encryption key used to encrypt the data that was written to tape. For RACF processing records (type 80 and 83, subtype 1), this contains the PKDS key label from relocate section 398. This field can contain up to 64 bytes of text, and is by default shown with that length.
This repeated field contains the encoding for key label(s) associated with the event described by the SMF record. It is filled for record type 14 with either H or L, indicating Hash or Label encoding.
|Security||IBM Security zSecure Audit for ACF2||z/OS||1.12, 1.13.0, 1.13.1, 2.1, 2.1.1||Enterprise|
|Security||IBM Security zSecure Audit for Top Secret||z/OS||1.12, 1.13.0, 1.13.1, 2.1, 2.1.1||All Editions|
More support for:
IBM Security zSecure Audit for RACF
Software version: 1.12, 1.13.0, 1.13.1, 2.1, 2.1.1
Operating system(s): z/OS
Software edition: Enterprise
Reference #: 1384777
Modified date: 2015-07-16