z/OS data set encryption
Introduction to z/OS data set encryption
- Sequential extended format data sets, accessed through BSAM and QSAM
- VSAM extended format data sets (KSDS, ESDS, RRDS, VRRDS, LDS), accessed through base VSAM and VSAM RLS
Encrypted data sets must be SMS-managed extended format. They can be compressed format, also.
Data set encryption relies on ICSF and AES 256 bit encryption DATA keys stored in a CKDS. In addition, data set encryption takes advantage of the security capabilities of the Crypto Express® adapter along with the performance characteristics of on-chip crypto using CPACF.