ICSFMIG77A1_COPROCESSOR_ACTIVE

Description:
Detects cryptographic coprocessors that will not become active when starting HCR77A1. This checks compares the coprocessor master keys against the CKDS and PKDS.

This check is inactive by default – in order to use this check you must activate it. You should run this check on your system before installing the HCR77A1 release of ICSF.

Reason for check:
A coprocessor that has master keys that do not match the CKDS and PKDS will not become active when ICSF FMID HCR77A1 is started. This will affect the availability of coprocessors for cryptographic work. The method to decide which coprocessors become active changed for HCR77A1 and later.
z/OS® releases the check applies to:
ICSF FMID HCR7770 or later running on z/OS V1R9, z/OS V1R10, z/OS V1R11, z/OS V1R12, z/OS V1R13 or z/OS V2R1 with PTFs for APAR OA42011 applied.
Type of check (local or remote):
Local
User override of IBM values:
Start of changeThe following sample shows the defaults for customizable values for this check. Use this sample to make permanent check customizations in an HZSPRMxx parmlib member used at IBM Health Checker for z/OS startup. If you just want a one-time only update to the check defaults, omit the first line (ADDREPLACE POLICY) and use the UPDATE statement on a MODIFY hzsproc command. Note that using non-POLICY UPDATEs in HZSPRMxx can lead to unexpected results and is therefore not recommended.End of change
Start of changeADDREPLACE POLICY[(policyname)] [STATEMENT(name)]End of change
UPDATE
CHECK(IBMICSF,ICSFMIG77A1_COPROCESSOR_ACTIVE)
INACTIVE
SEVERITY(MEDIUM) INTERVAL(ONETIME) DATE('date_of_the_change')
REASON('Your reason for making the update.'))
Parameters accepted:
No.
Verbose support:
No
Debug support:
No
Reference:
For more information see z/OS Cryptographic Services ICSF Administrator's Guide.
Messages:
This check issues the following exception messages:
  • CSFH0020E
  • CSFH0021E
See in z/OS Cryptographic Services ICSF Messages.
SECLABEL recommended for multilevel security users:
SYSLOW - see z/OS Planning for Multilevel Security and the Common Criteria for information on using SECLABELs.
Parent topic: ICSF checks (IBMICSF)