Satisfying "dual control" and multiple admins


craiggers
05-30-2007, 07:41 AM
Hi,

Another thread ("mainframe encryption") raised the point of OS-level authentication not ideally satisfying the encryption requirement.

Specifically, how does one enforce dual control when multiple admins have ALLOBJECT authority? Do fellow forum-users think that the following is a compensating control that would satisfy the standard:

- Logging access to the files containing the split key
- Journaling of this log (i.e. tampering not possible by anyone)
- Continuous monitoring of this log to ensure that users have not accessed both halves of the key.

Thanks for any advice

Craig
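
The log-monitoring control proposed in the post above can be sketched as follows; this is an added example, not part of the original post. The file names, user names, custodian assignments and CSV log layout are all constructed assumptions, and the check goes one step beyond the post by also flagging any access to a key half by someone other than its designated custodian.

```python
import csv
import io
from collections import defaultdict

# Assumption: each key-half file has exactly one designated custodian.
CUSTODIANS = {"KEYLIB/KEYHALF1": "CUSTA", "KEYLIB/KEYHALF2": "CUSTB"}

# Constructed sample of an exported access log (layout is hypothetical).
SAMPLE_LOG = """\
timestamp,user,object,action
2007-05-30T07:00:01,CUSTA,KEYLIB/KEYHALF1,READ
2007-05-30T07:02:10,CUSTB,KEYLIB/KEYHALF2,READ
2007-05-30T09:15:42,SYSADM1,KEYLIB/KEYHALF1,READ
2007-05-30T09:16:03,sysadm1,keylib/keyhalf2,READ
2007-05-30T10:30:00,CUSTA,APPLIB/ORDERS,READ
2007-05-30T11:05:27,CUSTB,KEYLIB/KEYHALF1,READ
"""


def review_key_access(log_text, custodians=CUSTODIANS):
    """Return dual-control findings from an access log.

    both_halves:   users who touched more than one key-half file
    not_custodian: (timestamp, user, object) for any access to a key half
                   by a user who is not that half's custodian
    """
    seen = defaultdict(set)          # user -> key-half files accessed
    not_custodian = []
    for row in csv.DictReader(io.StringIO(log_text)):
        # Normalise case so "sysadm1" and "SYSADM1" count as one identity.
        user = row["user"].strip().upper()
        obj = row["object"].strip().upper()
        if obj not in custodians:
            continue                 # not a key-half file, ignore
        seen[user].add(obj)
        if custodians[obj] != user:
            not_custodian.append((row["timestamp"], user, obj))
    both = sorted(u for u, objs in seen.items() if len(objs) > 1)
    return {"both_halves": both, "not_custodian": not_custodian}


if __name__ == "__main__":
    for kind, items in review_key_access(SAMPLE_LOG).items():
        print(kind, items)
```

A check like this only detects a violation after the access has happened, so its value depends on the log itself being outside the reach of the admins being monitored.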

jbhall56
05-30-2007, 12:09 PM
The first question I have is why are the key halves stored on the system?

Key management 101 states that once the key halves are entered into the system and the system generates the actual key, the key halves should be destroyed as they are no longer needed. Key halves are seed values for generating a key; they are not the key itself, formed by putting the halves together.

Your key generation process is likely not correct and needs to be adjusted to meet the requirements of proper key management and generation.

That said, one thing you are missing in your compensating controls is some sort of hash of the key halves, so that the key halves or key are not stored in clear text. However, that leads to another key management conundrum of where to store and manage that key.

Something to look into is a key management system for your iSeries (your ALLOBJ comment gave it away). There are a number of key management and encryption solutions available for the iSeries. I would highly recommend selecting one of those solutions.