CryptoMon - ISPF Cryptographic Key Manager
ISPF Cryptographic Key Manager. Provides a comprehensive, behind-the-scenes look at your data center’s mainframe cryptography.
An organization’s very existence may depend on the quality of its security. Cryptography – the encrypting and decrypting of information that is deemed to be private and confidential – is an extremely important component of an organization’s security program. It provides an additional level of security should an intruder breach other aspects of your security system. To help you implement cryptography in your mainframe site, the z/OS system provides several hardware and software components, be they IBM’s or third-party products.
ICSF (Integrated Cryptographic Service Facility) is the IBM licensed program that provides access to the hardware cryptographic feature. It supports hashing, digital signature, conventional as well as public-key cryptography and other cryptographic features. Its main strength is secure key cryptography: secret keys or private keys can never be found in a readable form outside the cryptographic hardware.
The issue here is that the people in charge of security have very little information about how cryptography and ICSF are implemented. The cryptographic control data sets that ICSF uses may contain errors or be out of sync. Cryptographic keys may have been created, that you know nothing about. Problems may be looming, such as keys that are about to expire as well as digital certificates (that are in fact a specific type of key). RACF may not correctly protect keys or ICSF services. Several types of exceptions and concerns are checked. Security violations of all sorts or some important cryptographic events may occur and go unnoticed.
CryptoMon has been specifically designed to display the missing information. It is the ideal product for enterprise data centers that make an everyday use of cryptography and want to know what happens under the cover. Not only does it provide you, the user of z/OS cryptography, with a comprehensive tool for readily monitoring your cryptographic system, but it also enables you to invoke crypto services to accomplish some specific housekeeping tasks.
As a non-invasive mainframe product, CryptoMon is also quite easy to install and implement. The first real world use of the product is a matter of hours, since its ISPF interface is very straightforward.