How do I enable ICSF for password encryption?

Document ID : KB000014257
Last Modified Date : 14/02/2018
Show Technical Document Details
Question:

How do I enable ICSF for password encryption?

Answer:

The ACF2 GSO OPTS record field ICSF|NOICSF specifies whether ICSF hardware is used for encryption, if it is available and active. The default is NOICSF. 

Note: AES 128-bit encryption of passwords and password phrases is currently supported. 

The GSO OPTS ICSF option is only for password encryption (including database switch processing) it does not relate to certificate processing. 

If you set ACF2 to ICSF in the GSO OPTS record, then you have the FIPS 140 compliance. Also, if you turn on the ACF2 r15 new GSO OPTS option EVALMODE, you will get an error message in the log when the ICSF encryption fails. 

ACF2 does not require any hardware or crypto definitions.

To implement  

ACF
SET CONTROL(GSO)
CHANGE OPTS ICSF
CHANGE PSWD PSWDENCT(AES1)
F ACF2,REFRESH(OPTS)
F ACF2,REFRESH(PSWD) 

Details can be found in the ACF2 Documentation on the GSO OPTS ICSF/NOICSF field.