Crypto Complete includes an integrated and comprehensive Key Management System to meet stringent compliance standards such as PCI DSS. The encryption keys can either reside on the same IBM i system (or partition) as the data or can be managed and stored on a different system/partition.
Within Crypto Complete, Data Encryption Keys can be generated up to 256 bit lengths to provide a high level of protection.
Crypto Complete's Key Management System allows organizations to:
- Establish policy settings on how Data Encryption Keys can be created and utilized
- Indicate which users can create and manage Keys
- Randomly generate strong Key values up to 256 bits in length
- Option to import or link to Data Encryption Keys from other Key Management Systems
- Protect Data Encryption Keys using Master Encryption Keys
- Dual Control - Protect the recreation of a Master Encryption Key by requiring passphrases from 2 to 8 users
- Organize Data Encryption Keys into one or more Key Stores
- Restrict the retrieval of the actual Data Encryption Key values
- Provide separation of duties (i.e. the creator of a Key can be restricted from using the Key to encrypt and/or decrypt data)
- Control which users can utilize Keys to encrypt and decrypt data
- Produce detailed audit logs of all Key Management activity
Crypto Complete provides a multi-level security architecture to protect Data Encryption Keys on IBM i.
Crypto Complete also integrates with 3rd party key management systems including Vormetric and Safenet.
The IBM i is also referred to as System i, iSeries, AS/400, AS400 and i5