Key Management for Encryption and PCI Compliance
Crypto Complete includes an advanced Key Management system which resides natively on the IBM i. This Key Management system is seamlessly integrated with Crypto Complete’s policy controls, encryption functions and auditing facilities to provide a comprehensive data protection solution.
Together with the integrated security on IBM i, organizations can strictly control access to Key maintenance and usage activities to meet stringent compliance requirements such as PCI DSS. The encryption keys can either reside on the same IBM i system or partition as the data or can be managed and stored on a different system or partition.
Secure Multi-Level Architecture
Crypto Complete provides a secure multi-level architecture to protect Data Encryption Keys on IBM i.
Establish policy settings on how Data Encryption Keys can be created and utilized for compliance requirements (e.g. dual control, separation of duties)
Strong Key Values
Randomly generate strong Key values up to 256 bits in length
Control which users are authorized to create and manage Keys. Access can be controlled by user profiles, group profile and/or authorization lists.
Option to import or link to Data Encryption Keys from other Key Management Systems, including Vormetric and Safenet
Crypto Complete provides interfaces for securely sharing Keys with other systems such as point-of-sale (POS) systems, Windows, Linux and AIX.
Protect Data Encryption Keys using Master Encryption Keys and restrict the retrieval of the actual Data Encryption Key values
Protect the recreation of a Master Encryption Key by requiring passphrases from 2 to 8 users
Organize Data Encryption Keys into one or more Key Stores
Produce detailed audit logs on all Key management activities