Encrypting IMS external trace data set

Normally, IMS external trace data sets contain internal diagnostic trace data and no sensitive customer data. However, if you use the /DIAG command to capture internal storage and control blocks from IMS and you specify the external trace data sets as the target output, then it is possible to capture sensitive data in the trace data sets.

If you are using dynamic allocation for the IMS external trace data sets, you can encrypt the external trace data sets while IMS is running. Ensure you are not currently writing to IMS External trace. Then, delete and redefine the external trace data sets with a key label.

If you are using JCL-allocated external trace data sets (DFSTRA01 and DFSTRA02 DD statements in the control region startup JCL), shutdown IMS in order to delete and recreate the data sets as encrypted.