For security reasons, your installation may need to clear the master keys. This may be required, for example, prior to turning the processor hardware over for maintenance.
If you have a TKE workstation, you can use it to zeroize all domains that have keys loaded. Refer to z/OS Cryptographic Services ICSF TKE Workstation User's Guide for more information.
If you do not have a TKE workstation, you might want to consider nullifying the master keys. To do this you would need to enter new master keys for the master key you have loaded, reencipher a dummy CKDS and PKDS, and change the master keys. You would need to perform this operation twice to ensure that the master keys are cleared from the old master key register.
You can also use the zeroize function on the Support Element panel. Besides clearing the master keys, this also clears all domains and installation data.