Skip to Main Content
IBM Z Hardware and Operating Systems Ideas Portal


This is the public portal for all IBM Z Hardware and Operating System related offerings. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).


Shape the future of IBM!

We invite you to shape the future of IBM, including product roadmaps, by submitting ideas that matter to you the most. Here's how it works:

Search existing ideas

Start by searching and reviewing ideas and requests to enhance a product or service. Take a look at ideas others have posted, and add a comment, vote, or subscribe to updates on them if they matter to you. If you can't find what you are looking for,

Post your ideas
  1. Post an idea.

  2. Get feedback from the IBM team and other customers to refine your idea.

  3. Follow the idea through the IBM Ideas process.


Specific links you will want to bookmark for future use

Welcome to the IBM Ideas Portal (https://www.ibm.com/ideas) - Use this site to find out additional information and details about the IBM Ideas process and statuses.

IBM Unified Ideas Portal (https://ideas.ibm.com) - Use this site to view all of your ideas, create new ideas for any IBM product, or search for ideas across all of IBM.

ideasibm@us.ibm.com - Use this email to suggest enhancements to the Ideas process or request help from IBM for submitting your Ideas.

ADD A NEW IDEA

ICSF

Showing 37

Extend support for TR31 key blocks with key usage P0 and mode of use B to AES PINPROT keys

About 5 years ago, I requested that you add support for mode of use B on key usage P0 key blocks, for IPINENC and OPINENC DES keys. That request was implemented, controlled by ACPs, and we have been making use of it. But that support was not exten...
7 days ago in z/OS / ICSF 0 Submitted

Repeat msg CSFM655I AN ARCHIVED RECORD COLINCIPHER2 IN THE ACTIVE CKDS WAS REFERENCED,whenever CSF restarted

I used an archived keyand got message CSFM655I AN ARCHIVED RECORD COLINCIPHER2 IN THE ACTIVE CKDS WAS REFERENCED. If I shutdown ICSF and restarted it, then used the key again, I did not get the message. It would be good if ICSF can produce the mes...
about 1 month ago in z/OS / ICSF 1 Future consideration

Add a specific CSF messages id to monitor the correct/(or not) initialization/start-up) of the CSFTTCP started task

Dear, In order to monitor the start-up of the CSFTTCP adress space with CA-OPSMVS automate and according to our standards we would like to have the possibility that CSFTTCP started task generates to the console specific messageids for the correct(...
almost 2 years ago in z/OS / ICSF 0 Future consideration

ICSF Hardware Support for (EC)DHE Key Exchange & TLS1.3 Handshakes

Even for TLS1.2 and for TLS1.3, (EC)DHE key exchange becomes more and more required. (EC)DHE based Ciphers are currently only minimal supported by Hardware (CPACF/Crypto CoProcessor). Also, TLS1.3 has a much larger footprint in terms of CPU consum...
over 1 year ago in z/OS / ICSF 1 Future consideration

Intrusion Latch Detection on z/OS

When a crypto express card encounters an intrusion latch detection error, this error may not be externalized to z/OS.
about 3 years ago in z/OS / ICSF 2 Future consideration

Rebuild masterkey - securise the masterkey change procedure with ICSF

Two Security Officers (OS) want to build a masterkey with two key parts from the menus ISPF/ICSF 1. The two OS are connected on the Panel CSFDKE50 ( ICSF - Master Key Entry) at the same time 2. The first OS informs: • Key Type: ECC-MK • Part: Firs...
5 months ago in z/OS / ICSF 1 Is a defect

The access control check for services, keys or cryptoz resources should be postponed until after the security product has initialized.

We've changed our ICSF startup to an 'early startup' by setting system parameters ICSFPROC=ICSF and ICSF=xx. We're now noticing the following messages during startup that weren't there before : CSFM012I NO ACCESS CONTROL AVAILABLE FOR CRYPTOZ RESO...
over 1 year ago in z/OS / ICSF 1 Future consideration

ICSF should allocate its DD cards after JES is up when started SUB=MSTR

Please enhance ICSF so that when we start it up SUB=MSTR it will eventually allocate it's DD card post JES starting up. The RACF address space exhibits this behavior today so it stands to reason it should be possible with ICSF.
over 4 years ago in z/OS / ICSF 1 Future consideration

Move ICSF cell pools above the bar

If a high enough burst of ATTLS requests comes in at once, ICSF cell pools can grow rapidly enough and fill CSF private storage. This results in ABEND878s and TCPIP leaving the sysplex group. At this point, an IPL is likely desired. Moving these c...
about 1 year ago in z/OS / ICSF 1 Future consideration

Function requirement - To support TRANSKEY+WRAPENH3 keyword in KGUP utility

PCI-PIN spec defined the key storage need to use key block format when store key tokens. IBM announced the WRAPENH3 format to comply PCI-PIN requirement which should support different ways to store key as WRAPENH3 format, including Key Generator U...
over 1 year ago in z/OS / ICSF 1 Future consideration