There is the real issue. The PCI standard required that data needs to be encrypted when the "data is at rest". But of course, they do NOT define what "data is at rest" means. Some say "written to any media"; but that is NOT what the PCI standard says. If it did, then no question. But the PCI standard says to encrypt "data at rest". Is online DASD "at rest"? In my opinion (and this is strictly my own personal opinion), no. To my way of thinking, "data at rest" would imply it is on some type of removable media that is not cable-attached directly to a machine.
For example, data on a tape/cartridge? Definitely at-rest. Data on a USB thumb drive? Definitely at-rest. Data on a laptop that is powered off? Ah, this gets harder. My opinion, yes. Data on a DASD device in a secure location that is cable attached to a mainframe? Again, in my opinion, no.

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:[email protected]] on Behalf Of Bohn, Dale
Sent: Tuesday, February 10, 2009 12:48 PM
To: [email protected]
Subject: Re: Crypto-DASD?

Encrypted DASD is seen by some as a simple solution to the PCI standard requiring the PAN (credit card number) to be encrypted when the data is at rest (written to media). It would not require alteration of either system or application software to implement. Several vendors are working on this, but are waiting for the adoption of the IEEE standard on key management.

