Tape Encryption keysets can be marked as compromised. This action signifies to the system that the keysets are no longer to be used for encrypting tapes, though they still can be used for decryption. The security administrator should perform this action if a key is compromised or if the expiration date of the keyset is reached.

The tape encryption keyset can be marked as compromised through Security Center. This process also generates a new tape encryption keyset for use. The new tape encryption keyset is immediately marked as active. Create a backup copy of the new tape encryption keyset for security and propagate it to all systems that must decrypt tapes encrypted on this source system.

For information about marking a keyset as compromised, refer to the Security Center Help.