Scott,

Okay, if you think data stored on disk is "data at rest", please define
"disk". Does an SSD (Solid-State Drive) count as a disk drive? What about a
RAM drive (using either SRAM or DRAM)? If a RAM drive using SRAM or DRAM is
a disk, then what is the difference between a RAM drive and memory in a
computer?

And of course, as Phil said, the decryption should not be done on an
"automatic" basis, but rather based on rules. And who will control those
rules? The external-security system. So, if the external-security system
will control who can access the data via automatic decryption, how is that
different than having the external-security system control access to the
data in the first place?

Just my opinion, but PCI really needs to do a better job of defining what
needs to be done.

But again, just my 2-cents
Russell

-----Original Message-----
From: IBM Mainframe Discussion List [mailto:ibm-m...@bama.ua.edu] on
Behalf Of Scott T. Harder
Sent: Wednesday, February 11, 2009 11:46 AM
To: IBM-MAIN@bama.ua.edu
Subject: Re: Crypto-DASD?


Now, that's what I'm talkin' about.  Thanks, Timothy, for the info.

FWIW... to me, data stored on disk is data at rest.  It may not be all
the time, but I think that the intent of that phrase, as used in the
regulations, is pretty clear.  Whether they were correct in using it can
be argued, for sure, but....

Thanks to everyone.  

Scott T. Harder

----------------------------------------------------------------------
For IBM-MAIN subscribe / signoff / archive access instructions,
send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO
Search the archives at http://bama.ua.edu/archives/ibm-main.html
