Crypto Complete - Audit Trails
Crypto Complete includes comprehensive auditing for meeting the most stringent security requirements. Audit log entries are stored in a secure IBM journal file. Detailed information is recorded in each audit entry, including the audit type, audit description, date, time, user, job name, job number, comments and other pertinent information.
Based on user-configurable alerts, audit messages can additionally be routed to email recipients, QAUDJRN, QHST, QSYSOPR, SYSLOG and user message queues.
Audit log entries are generated for the following events in Crypto Complete:
- When any Key Policy settings are changed
- When Key Officers are added, changed or removed
- When Master Encryption Keys (MEKs) are loaded or set
- When Key Stores are created or translated
- When Data Encryption Keys (DEKs) are created, changed or deleted
- When Field Encryption Registry entries are added, changed, removed, activated or deactivated
- When any functions are denied due to improper authority
- When data is encrypted or decrypted with a key that requires logging of those events
The audit log entries can be displayed and printed using a variety of selection criteria, including date/time range, user and audit type.
The IBM i is also referred to as iSeries, AS/400, AS400 and i5