z/OS data set encryption

Introduction to z/OS data set encryption

z/OS® data set encryption enables encryption through the DFSMS access methods. You can use z/OS data set encryption to encrypt the following types of data sets:
  • Sequential extended format data sets, accessed through BSAM and QSAM
  • VSAM extended format data sets (KSDS, ESDS, RRDS, VRRDS, LDS), accessed through base VSAM and VSAM RLS

Encrypted data sets must be SMS-managed extended format. They can be compressed format, also.

Data set encryption relies on ICSF and AES 256 bit encryption DATA keys stored in a CKDS. In addition, data set encryption takes advantage of the security capabilities of the Crypto Express® adapter along with the performance characteristics of on-chip crypto using CPACF.