Pervasive Encryption on zOS

This class is intended for z/OS system programmers and security specialists in charge of designing, implementing and monitoring Pervasive Encryption on z/OS.

In this course, you will learn how to:

• Describe the components of Pervasive Encryption on z/OS
• Explain the role of encryption for data protection
• Implement hardware crypto on your z System
• Load and activate AES Master Keys
• Implement and start ICSF
• Understand the differences between secure keys clear keys and protected keys
• Describe how are key values used for encryption and decryption
• Generate, maintain and manage Keys
• Setup access to key labels
• Setup policy to supply key label (RACF SMS JCL)
• Access data in encrypted data sets
• Create encrypted data sets - Supplying key labels
• Convert existing data sets to encryption
• Verify encryption status
• Encrypt Data in Transit
• Encrypt Data at Rest
• Manage data sets, data keys, and key labels

 Day 1

• Welcome
• Unit 1: Pervasive Encryption Technical Foundation
• Unit 2: Pervasive Encryption: Planning
• Unit 3: Pervasive Encryption: implementation considerations
• Unit 4: Dataset Encryption Implementation steps

Day 2

• Exercise 1: Setup and start ICSF
• Exercise 2: Load and initialize your AES master key and CKDS
• Unit 5: ICSF and crypto on z/OS
• Exercise 3: Define your data keys
• Exercise 4: Implement dataset encryption policy, encrypt/decrypt data sets

Day 3

• Exercise 5: Operational tasks for managing data sets, data keys, and key labels
• Unit 6: Key management: ICSF and the Crypto Ecosystem on Z
• Unit 7: z15 Hardware Encryption Overview and Performance
• Exercise 6: Master Key Change using ICSF (optional)
• Exercise 7: Implement zFS encryption (optional)

You should have the following prerequisites:

• General z/OS knowledge, including basic UNIX System Services skills
• Basic knowledge of RACF

• Official course book provided to participants.