The z/OS® Trusted Key Entry Workstation allows you to manage IBM Z® host cryptographic modules running in Common Cryptographic Architecture (CCA) or IBM Enterprise PKCS#11 (EP11) mode, using compliant-level hardware-based key management techniques. IBM Z host crypto modules must be managed according to strict policies, which are influenced by various legal, regulator, and compliance requirements. In many cases, the final policies must include dual control management and hardware-based master key part protection to pass internal and external security audits.
If you are new to the crypto world or having trouble defining your policy, no problem. TKE provides a set of wizards that help you define and implement a set of security policies for managing your TKE appliance and your host crypto modules.