Advanced Encryption Standard (AES) encryption under z/OS requires IBM Integrated Cryptographic Service Facility (ICSF) and PKA callable services to be enabled.

The ICSFSTAT internal call reports PKA callable services as enabled only after the Data Encryption Standard (DES) master key is loaded and valid. ICSFSTAT does not report PKA callable services as enabled when only the AES master key is loaded and valid. ICSFST2 element 3 reports PKA callable services as enabled when the DES and/or AES master key are loaded and valid.

Support for ICSFST2 calls was added in addition to ICSFSTAT calls.

Click the Hot Fix tab in this note to access the hot fix for this issue.

Operating System and Release Information

A fix for this issue for Base SAS 9.4_M7 is available at:

A fix for this issue for Base SAS 9.4_M6 is available at:

A fix for this issue for SAS/SECURE 9.41_M3 is available at: