Glossary

Acronym Term Description
AES Advanced Encryption Standard A specification for the encryption of electronic data established by the U.S. National Institute of Standards and Technology (NIST) in 2001
  Basic format sequential dataset A sequential dataset in the original physical format, which can occupy up to 65,535 tracks on each volume
CPACF Central Processor Assist for Cryptographic Function A set of cryptographic instructions available in hardware on every zSeries processor unit
  Clear key An encryption key whose clear, unconcealed value exists in memory, outside protected hardware (for example, Crypto Express), while it is being used to encrypt or decrypt data
  Crypto Express A family of hardware security modules from IBM for high-security processing and cryptographic operations
  Cryptography The practice and study of techniques for secure communication in the presence of adversaries
DASD Direct-Access Storage Device A device providing persistent storage in which each block (the smallest unit of an I/O operation) can be accessed directly and quickly by specifying its location on the device; colloquially also referred to as “disk”
DFSMS Data Facility Storage Management Subsystem A z/OS subsystem that automates and centralizes the management of persistent storage (disks and tapes)
  Encryption key A parameter for an cryptographic algorithm. Must be kept secret in most applications (“secret key”), but some also work with “public keys”
EXCP Execute Channel Program A low-level I/O interface
  Extended format sequential dataset A sequential dataset that can be striped, encrypted or compressed, or any combination thereof
ICSF Integrated Cryptographic Service Facility A z/OS subsystem that creates and manages cryptographic keys and performs crypto operations in software or hardware
JCL Job Control Language The language of job control statements used to specify jobs to the job entry subsystem (JES)
JES Job Entry Subsystem A subsystem used by z/OS to receive jobs into the operating system, schedule jobs for processing, and control job output processing
  Key In the context of encryption, a shorthand for encryption key
  Key label A parameter to identify an encryption key, used by ICSF as a handle to locate the encryption key and its associated parameters
  Large format sequential dataset A sequential dataset in an advanced physical format, which can occupy up to 16,777,215 tracks on each volume
  Protected key A variation of secure key for high-performance bulk encryption and decryption using the CPACF instructions
RACF Resource Access Control Facility A component of the Security Server for z/OS, used to identify and authenticate users, authorize users to access protected resources, and record and report access attempts
  Secure key An encryption key that has been encrypted under another key and is used in a way that its clear value never leaves a hardware security module (for example, Crypto Express)
SMS Storage Management Subsystem A shorthand for DFSMS, Data Facility Storage Management Subsystem
XTS XOR-Encrypt-XOR Tweakable Block Cipher with Ciphertext Stealing A block cipher mode of operation used for encrypting data on storage devices