On Tue, Feb 10, 2009 at 1:48 PM, Bohn, Dale <[email protected]> wrote:
> Encrypted DASD is seen by some as a simple solution to the PCI standard
> requiring the PAN (credit card number) to be encrypted when the data is at
> rest (written to media). It would not require alteration of either system or
> application software to implement. Several vendors are working on this, but
> are waiting for the adoption of the IEEE standard on key management.

And of course they're wrong -- encrypted DASD does not meet the requirements of PCI, which include role-based access control. If the data is automatically decrypted on access, then there's no additional security from the PCI perspective. The only added security, as others have noted, is that if you accidentally leave your DS8100 at the airline gate, the kid who finds it can't trivially read the VSAM data ... ;-)

(And no, I'm not suggesting that you, Dale, thought it was a real solution!)

Since Scott Harder started mentioning products, I'll add that Voltage SecureData provides full PCI-compliant encryption -- without requiring changes to most applications or to database schema.

--
...phsiii

Phil Smith III
[email protected]
Voltage Security, Inc.
www.voltage.com
(703) 476-4511 (home office)
(703) 568-6662 (cell)

