IBM Enterprise Key Management Foundation – Web Edition V2.0 (EKMF Web) provides centralized key management for IBM z/OS data set encryption on IBM Z servers.
Learn more about EKMF Web 2.0
The use of AES Cipher keys, supported with z/OS Pervasive Encryption, provides additional attributes that are bound to the key itself such as export controls and supports stronger key wrapping when used in conjunction with EKMF.
IBM recommends using Cipher Keys for Pervasive Encryption whenever there is a need for keys to remain controlled under equivalently high security, even during key management operations like transfer between systems. For example, as is required by the Payment Card Industry Hardware Security Module Requirements (PCI HSM V1.0 #B2)
The minimum system requirements for using AES Cipher keys for z/OS Pervasive Encryption are z14 with CEX6 and ICSF HCR77C1.
All production, development, test, QA, and disaster recovery systems accessing z/OS data sets encrypted with AES Cipher keys must meet the minimum system requirements.