Activating data encryption - step 1
Activate data encryption and configure global settings.
- In the user interface, click the Administration tab.
- Select from the navigation menu.
- Click the System tab. Scroll down to the Encryption section.
- Clear the Reuse keys checkbox.
- Select the Wipe deleted files and Encrypt sensitive exports checkboxes.
Encryption covers the actual production data and certain parts of the configuration where PANs are expected, for example, in conditions and audit trails. Other parts of the configuration are not encrypted. You must never store clear PAN in any name or comment field of IBM® Safer Payments.
The PA-DSS standard recommends defining a maximum cryptoperiod after which a key must be replaced with a new one. For more information, see Enforcing regular key changes.
According to PA-DSS requirement 2.3, PANs must be rendered unreadable anywhere that they are stored. Therefore, you must enable Encrypt sensitive exports.