A key that is protected under the AES-MK is in operational form, which means that ICSF can use it in cryptographic functions on the system.
When you store a key with a file or send it to another system, the key can be protected using an RSA key pair.