see below the relevant STIG (V8r11)- TSS0-ES-000100: IBM z/OS for PKI-based authentication must use ICSF or the ESM to store keys.
Any keys or Certificates must be managed in ICSF or the external security manager and not in UNIX files. ITschak Mugzach *|** IronSphere Platform* *|* *Information Security Continuous Monitoring for z/OS, x/Linux & IBM I **| z/VM coming soon * On Wed, Jan 17, 2024 at 11:22 PM Phil Smith III <li...@akphs.com> wrote: > Itschak Mugzach wrote: > >The STIG does not allow a uss keystore. > > Ummmkay? I see no mention of a STIG here. But as I said, I'm even SWAGging > what he really wants/needs. > > > ---------------------------------------------------------------------- > For IBM-MAIN subscribe / signoff / archive access instructions, > send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN > ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@listserv.ua.edu with the message: INFO IBM-MAIN
