Leverage Your Strengths
The current regulatory and economic climates demand more from your technology, and your skilled staff, than ever before. This is particularly true in your mainframe environment: sensitive data abound, downtime is unaffordable, and processing power, software development, and administration expertise each come at a premium.
To optimize performance and minimize the use of valuable CPU time when securing sensitive data in your mainframe applications, you've invested in cryptographic coprocessor hardware for your mainframe. That investment has shaped your application source code and administration processes.
Due to regulatory compliance pressure within your organization, choosing and implementing an enterprise key management solution has become a priority. You may have already identified RSA Key Manager as the class-leading solution for enterprise key life-cycle management. If so, you may already be realizing the value of timely access to policy-driven cryptographic key material for an authorized set of applications or devices throughout your enterprise.
IBM ICSF and RSA Key Manager are wise investments. Rocket Key Bridge for IBM ICSF and RSA Key Manager makes them wiser. It leverages Rocket's deep understanding of both industry-leading technologies to exploit their respective advantages.
Streamline Mainframe Key Management and Auditing
Rocket Key Bridge keeps your mainframe encryption key material up to date, and synchronized with changes that occur inside RSA Key Manager Server. As keys are imported, ICSF record labels are automatically chosen according to your organization's naming standards.
The RKBADMIN utility allows authorized mainframe administrators to retrieve the most up-to-date ICSF record label information for any managed Key Class, and makes your process for encryption key rollover simpler, more secure, and less error-prone.
Because Rocket Key Bridge notifies the RSA Key Manager Server whenever it chooses an ICSF record label for a new piece of imported key material, the RSA Key Manager Server can be used to audit the flow of sensitive key material to your mainframe environment. The granular SAF authorities supported by Rocket Key Bridge allow your mainframe security administrators to ensure that the imported keys are used appropriately.
Security in Depth
Where Rocket Key Bridge functionality requires network communication between hosts, all such communication is secured by mutually-trusted TLS connections. Additionally, the client identity in each TLS connection must be positively authorized to access the services it is requesting.
Inside the IBM z/OS mainframe environment(s) where Rocket Key Bridge services are available, requests for such services are subject to a granular set of SAF-based authorization checks. These SAF authorities are fully documented, and can be configured by the security administrator to test the requesting user against both the type of operation requested, and the data to which the operation applies.
- Requires no changes to application source code
- Uses the class-leading enterprise key life-cycle management of RSA Key Manager
- Automates and streamlines encryption key rollover for mainframe cryptography applications
- Simplifies regulatory compliance auditing for mainframe cryptography applications
- Built for high security and high performance; uses specialized mainframe cryptographic hardware and native key stores
- Granular, SAF-based access control; supports all major External Security Managers (IBM RACF, CA-ACF2, and CA-TopSecret)
- Easy installation includes an intuitive administration utility
- Includes a powerful set of call-level interfaces for deep integration options
- IBM z/OS 1.9, 1.10, 1.11, or 1.12
- IBM System SSL, Cryptographic Services base
- IBM CryptoExpress2 (CEX2C) or CryptoExpress3 (CEX3C) cryptographic coprocessor installed
- A network-accessible instance of RSA Key Manager Server v2.7 or later
Some components of Rocket Key Bridge for IBM ICSF and RSA Key Manager run on a Linux instance with the following requirements:
- Linux Standard Base 3.0-compliant Linux OS (SLES 10+ recommended)
- Support for software compiled for 32-bit x86 architecture
- RSA Key Manager Client v2.7.x for LSB 3.0 and 32-bit x86 architecture
This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)