Encrypting data sets
You can encrypt any data sets that you use with CICS® for which z/OS® data set encryption is supported.
Before you begin
Check the data set types for which z/OS data set encryption is supported, and CICS system data sets that are appropriate candidates for encryption. See Planning for data set encryption.
Ensure that you have set up the key labels to use. See Managing Cryptographic Keys Using the Key Generator Utility Program in z/OS Cryptographic Services ICSF Administrator's Guide.
Ensure that the RACF® tasks to provide authority to create encrypted data sets and to provide access to the key labels are complete, including the following tasks:
- Grant read access to STGADMIN.SMS.ALLOW.DATASET.ENCRYPT CL(FACILITY) to allow users to create encrypted data sets.
- Grant read access to the key labels. When a user attempts to access an encrypted data set, RACF checks that the user has authority to use the key label before any encryption occurs by checking access to the relevant profiles in the CSFKEYS and CSFSERV classes. For more information about these classes, see Data Set Encryption in z/OS DFSMS Using Data Sets .