Using Your Security System › Security Profiles

Security Profiles

Security profiles let you define CA Tape Encryption resources to your security system and control those resources through the security system. You can define the following security profiles to the security system:

• Command protection profiles for CA Tape Encryption console commands.
• Key protection profiles for symmetric keys, digital certificate keys, and code books that have been defined to CA Tape Encryption. Key protection includes both the tape encryption and decryption process.
• Batch utility program protection for eligible CA Tape Encryption utility programs.
• Data set selection profiles to select data sets that are eligible for tape encryption processing.
• Specify Application Management profiles to manage which users can use the Option for Application Management.

You can use the TBESAF99 utility to generate control statements for your security system. The exact commands for each external security manager (ESM) have their own unique format. TBESAF99 provides a generic, common definition format that is not ESM dependent. This allows you to define control statement formats for all three of the ESM's by using one common set of instructions. However, administrators who are familiar with the control statements for their security system can create control statements without using TBESAF99.

Note: If not specifically defined, the SAF Interface component of CA Tape Encryption will default to PERMIT processing and no resources are protected in RACF or CA Top Secret. For CA ACF2, all resources are automatically protected.