IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas

  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

ICSF

Showing 35

Isolate PCI traffic from non-PCI traffic on the crypto cards

One of our teams has to purchase hardware security module (HSM) to handle the encryption of the PCI traffic. If CSF could separate the PCI from the Non-PCI traffic, this could allow our team to use the hardware encryption process instead of buying...
about 1 month ago in z/OS / ICSF 2 Needs more information

Move ICSF cell pools above the bar

If a high enough burst of ATTLS requests comes in at once, ICSF cell pools can grow rapidly enough and fill CSF private storage. This results in ABEND878s and TCPIP leaving the sysplex group. At this point, an IPL is likely desired. Moving these c...
5 months ago in z/OS / ICSF 1 Future consideration

Function requirement - To support TRANSKEY+WRAPENH3 keyword in KGUP utility

PCI-PIN spec defined the key storage need to use key block format when store key tokens. IBM announced the WRAPENH3 format to comply PCI-PIN requirement which should support different ways to store key as WRAPENH3 format, including Key Generator U...
9 months ago in z/OS / ICSF 1 Future consideration

ICSF Hardware Support for (EC)DHE Key Exchange & TLS1.3 Handshakes

Even for TLS1.2 and for TLS1.3, (EC)DHE key exchange becomes more and more required. (EC)DHE based Ciphers are currently only minimal supported by Hardware (CPACF/Crypto CoProcessor). Also, TLS1.3 has a much larger footprint in terms of CPU consum...
10 months ago in z/OS / ICSF 1 Future consideration

Populate SMF 82 40 CMACZERO fingerprint for more key types

Having a single key fingerprint or checksum in the SMF data leads to collisions when trying to validate that the same key is not present in multiple environments. Having a second fingerprint in the SMF 82 40 records would help us to determine whet...
10 months ago in z/OS / ICSF 2 Future consideration

The access control check for services, keys or cryptoz resources should be postponed until after the security product has initialized.

We've changed our ICSF startup to an 'early startup' by setting system parameters ICSFPROC=ICSF and ICSF=xx. We're now noticing the following messages during startup that weren't there before : CSFM012I NO ACCESS CONTROL AVAILABLE FOR CRYPTOZ RESO...
11 months ago in z/OS / ICSF 1 Future consideration

Add a specific CSF messages id to monitor the correct/(or not) initialization/start-up) of the CSFTTCP started task

Dear, In order to monitor the start-up of the CSFTTCP adress space with CA-OPSMVS automate and according to our standards we would like to have the possibility that CSFTTCP started task generates to the console specific messageids for the correct(...
about 1 year ago in z/OS / ICSF 0 Future consideration

ICSF: quick rollback to the old master key in case of problems with the coordinated change Master Key

Normally we load the 2 parts of the mk from the TKE. Then from the ICSF we make the option Coordinated xKDS change MK. This process change the new MK in alls systems of the sysplex (re-enchypher included). This process seems very robust. But in ca...
almost 2 years ago in z/OS / ICSF 1 Not under consideration

Enhance ICSF to support dynamic Enable and Disable for ICSF TKDS

Current and recent releases of ICSF provide a function to Enable and Disable dynamic updates to ICSF CKDS & PKDS datasets - I believe via PANELID CSFACF00. This function is missing for ICSF TKDS dataset. It would be nice to have consistency a...
almost 2 years ago in z/OS / ICSF 0 Future consideration

Add ICSF Flush command

Provide a mechanism to complete any remaining ICSF work in-flight to be executed just prior to lpar shutdown. This would be in lieu of actually stopping ICSF.
over 2 years ago in z/OS / ICSF 1 Future consideration

By clicking the "Post Comment" or "Submit Idea" button, you are agreeing to the IBM Ideas Portal Terms of Use.
Do not place IBM confidential, company confidential, or personal information into any field.