The TSM Redbook found at http://www.redbooks.ibm.com/redbooks/pdfs/sg247505.pdf 
has a chapter on TSM managed tape encryption and how it is handled.

David

-----Original Message-----
From: ADSM: Dist Stor Manager [mailto:ADSM-L AT VM.MARIST DOT EDU] On Behalf Of 
McWilliams, Eric
Sent: Wednesday, July 08, 2015 2:50 PM
To: ADSM-L AT VM.MARIST DOT EDU
Subject: [ADSM-L] Tape Encryption

We are currently encrypting our data as it is being written to tape.  The 
auditors want to know how the encryption keys are managed.  All I can find is 
that the keys are managed by the Tivoli Storage Manager.

Does anyone have any documentation that explains how the keys are managed and 
what keeps someone from decrypting a tape that is lost or stolen?

tsm: >q dev ltodevc f=d

             Device Class Name: LTODEVC
        Device Access Strategy: Sequential
            Storage Pool Count: 1
                   Device Type: LTO
                        Format: DRIVE
         Est/Max Capacity (MB):
                   Mount Limit: DRIVES
              Mount Wait (min): 60
         Mount Retention (min): 60
                  Label Prefix: ADSM
                  Drive Letter:
                       Library: MEDSLIB
                     Directory:
                   Server Name:
                  Retry Period:
                Retry Interval:
                      Twosided:
                        Shared:
            High-level Address:
              Minimum Capacity:
                          WORM: No
              Drive Encryption: On
               Scaled Capacity:
       Primary Allocation (MB):
     Secondary Allocation (MB):
                   Compression:
                     Retention:
                    Protection:
               Expiration Date:
                          Unit:
      Logical Block Protection: No
Last Update by (administrator):
         Last Update Date/Time: 12/08/2014 13:14:44

                   Volume Name: XXXXXXX
             Storage Pool Name: TAPEPOOL
             Device Class Name: LTODEVC
            Estimated Capacity: 2.3 T
       Scaled Capacity Applied:
                      Pct Util: 100.0
                 Volume Status: Full
                        Access: Read/Write
        Pct. Reclaimable Space: 0.0
               Scratch Volume?: Yes
               In Error State?: No
      Number of Writable Sides: 1
       Number of Times Mounted: 1
             Write Pass Number: 1
     Approx. Date Last Written: 07/02/2015 05:16:24
        Approx. Date Last Read: 07/02/2015 05:16:24
           Date Became Pending:
        Number of Write Errors: 0
         Number of Read Errors: 0
               Volume Location:
Volume is MVS Lanfree Capable : No
Last Update by (administrator):
         Last Update Date/Time: 06/30/2015 18:17:40
          Begin Reclaim Period:
            End Reclaim Period:
  Drive Encryption Key Manager: Tivoli Storage Manager
       Logical Block Protected: No

Thanks

Eric

**********************************************************************
*** CONFIDENTIALITY NOTICE *** 

 This message and any included attachments are from MedSynergies, Inc. and are 
intended only for the addressee. The contents of this message contain 
confidential information belonging to the sender that is legally protected. 
Unauthorized forwarding, printing, copying, distribution, or use of such 
information is strictly prohibited and may be unlawful. If you are not the 
addressee, please promptly delete this message and notify the sender of the 
delivery error by e-mail or contact MedSynergies, Inc. at postmaster AT 
medsynergies DOT com.