Ron, There are a couple of things you can do.
- expand the vsam or database and create a new key that will be assigned to everyone - use your favorite encryption method via ICSF to encrypt the card number - centralize the method for encrypting and decrypting the data and place controls around it There are some products out there that you may find helpful. - www.Voltage.com - FPE - format preserving encryption - allows you to keep the same field size and just encrypt it - DB2 Encryption tool http://www-01.ibm.com/software/data/db2imstools/db2tools/ibmencrypt/ - I remember there being a couple others... but they escape me right now IBM TechDocs with search term "crypto" http://www-03.ibm.com/support/techdocs/atsmastr.nsf/WebAllDocs2/?Search&Query=[HTMLDocumentName=WM*]+AND+(crypto)&Start=1&Count=200&SearchOrder=4&DateSearch=1&SearchMax=10000 Basic article in Systemmag http://ibmsystemsmag.com/mainframe/administrator/security/Cloaking-Cardholder-Data-With-PCI-Compliance/ If you are trying to make sure your system is secure for PCI... - zSecurity Health Check - myself and a number of other providers else can look at the ACF2/RACF/TopSecret and tell you what you are doing right and not-so-right - VatSecurity.com - the only way to make sure the wonderful system integrity is really there - zSecure - Tiovli - http://www.ibm.com/software/tivoli/products/zsecure/ - CA-Audit - There are other auditing tools as well. Rob Schramm Senior Systems Consultant Imperium Group On Tue, Nov 15, 2011 at 4:53 AM, Ron Thomas <[email protected]> wrote: > > Hi Listners, > > > We have go a customer number in applications and this number is currently > part of a primary key, we have a requirement to encrypt this number and also > should not be used in the tables directly , which means this can not be part > of a primary key. pls share your thoughts on the same as to how to take this > forward? > > Regards > Ron > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to [email protected] with the message: GET IBM-MAIN INFO > Search the archives at http://bama.ua.edu/archives/ibm-main.html ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to [email protected] with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html
