Although you can provide security for online data by using such facilities as RACF, these facilities do not protect data when it is stored offline. Sensitive data stored offline is susceptible to misuse.

Cryptography is an effective means of protecting offline data, if the enciphering techniques are adequate. The enciphering function is available by using the access method services REPRO ENCIPHER command. The data remains protected until you use the REPRO DECIPHER command to decipher it with the correct key.

When you use the REPRO ENCIPHER command, you can specify whether to use the Programmed Cryptographic Facility or Integrated Cryptographic Service Facility (ICSF) to manage the cryptographic keys, depending on which cryptographic facility is running as a started task. For ICSF, you must have cryptographic hardware activated in order to use the REPRO ENCIPHER and REPRO DECIPHER commands. The data remains protected until you use the REPRO DECIPHER option to decipher it with the correct key.

Related reading: For information on using the REPRO command to encrypt and decrypt data, see z/OS DFSMS Access Method Services Commands. For information on using ICSF, z/OS Cryptographic Services ICSF Overview.