diff --git a/lib/libcryptsetup.h b/lib/libcryptsetup.h
index 103ba911..62accc69 100644
--- a/lib/libcryptsetup.h
+++ b/lib/libcryptsetup.h
@@ -1061,6 +1061,8 @@ int crypt_keyslot_destroy(struct crypt_device *cd, int keyslot);
 #define CRYPT_ACTIVATE_SERIALIZE_MEMORY_HARD_PBKDF (1 << 19)
 /** dm-integrity: direct writes, use bitmap to track dirty sectors */
 #define CRYPT_ACTIVATE_NO_JOURNAL_BITMAP (1 << 20)
+/** device is suspended (key should be wiped from memory), output only */
+#define CRYPT_ACTIVATE_SUSPENDED (1 << 21)
 /**
 * Active device runtime attributes
diff --git a/lib/libdevmapper.c b/lib/libdevmapper.c
index b3a26fe7..8b04ab62 100644
--- a/lib/libdevmapper.c
+++ b/lib/libdevmapper.c
@@ -2519,6 +2519,9 @@ static int _dm_query_device(struct crypt_device *cd, const char *name,
 if (dmi.read_only)
 dmd->flags |= CRYPT_ACTIVATE_READONLY;
+ if (dmi.suspended)
+ dmd->flags |= CRYPT_ACTIVATE_SUSPENDED;
+
 tmp_uuid = dm_task_get_uuid(dmt);
 if (!tmp_uuid)
 dmd->flags |= CRYPT_ACTIVATE_NO_UUID;
diff --git a/src/cryptsetup.c b/src/cryptsetup.c
index 0a02d128..ca0ec4fe 100644
--- a/src/cryptsetup.c
+++ b/src/cryptsetup.c
@@ -744,8 +744,9 @@ static int action_status(void)
 log_std(" size: %" PRIu64 " sectors\n", cad.size);
 if (cad.iv_offset)
 log_std(" skipped: %" PRIu64 " sectors\n", cad.iv_offset);
- log_std(" mode: %s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
- "readonly" : "read/write");
+ log_std(" mode: %s%s\n", cad.flags & CRYPT_ACTIVATE_READONLY ?
+ "readonly" : "read/write",
+ (cad.flags & CRYPT_ACTIVATE_SUSPENDED) ? " (suspended)" : "");
 if (cad.flags & (CRYPT_ACTIVATE_ALLOW_DISCARDS|
 CRYPT_ACTIVATE_SAME_CPU_CRYPT|
 CRYPT_ACTIVATE_SUBMIT_FROM_CRYPT_CPUS))
diff --git a/tests/api-test-2.c b/tests/api-test-2.c
index b3cce668..69f4f849 100644
--- a/tests/api-test-2.c
+++ b/tests/api-test-2.c
@@ -537,6 +537,7 @@ static void UseLuks2Device(void)
 static void SuspendDevice(void)
 {
+ struct crypt_active_device cad;
 int suspend_status;
 OK_(crypt_init(&cd, DEVICE_1));
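Review bot: The doc comment on `CRYPT_ACTIVATE_SUSPENDED` in lib/libcryptsetup.h links the flag to key wiping, but the lib/libdevmapper.c hunk sets it from `dmi.suspended` alone, which reports only that the mapping is suspended. A mapping suspended by something other than crypt_suspend() would presumably carry the same flag while the volume key is still loaded, so neither the flag nor the `(suspended)` text in `cryptsetup status` should be read as confirmation that the key is gone. I would reword the comment to `/** device is suspended (dm state only; does not confirm the volume key was wiped), output only */`. The comment also says "output only", yet nothing in the visible hunks masks the bit when a caller passes it in; that may be handled outside this diff.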
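Review bot: In the action_status hunk of src/cryptsetup.c the two conditional arguments to `log_std` are written differently: the new one parenthesises its mask test, while `cad.flags & CRYPT_ACTIVATE_READONLY ?` relies on `&` binding tighter than `?:`. Since the line is rewritten anyway, `(cad.flags & CRYPT_ACTIVATE_READONLY) ? "readonly" : "read/write",` would keep both arguments consistent and easier to audit. Appending to the existing `mode:` line also changes output that scripts may already parse, so a short comment such as `/* "(suspended)" suffix is matched by tests/compat-test */` would help the next editor. action_status continues outside the hunk.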
@@ -552,6 +553,8 @@ static void SuspendDevice(void)
 }
 OK_(suspend_status);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
 #ifdef KERNEL_KEYRING
 FAIL_(_volume_key_in_keyring(cd, 0), "");
 #endif
@@ -561,6 +564,9 @@ static void SuspendDevice(void)
 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+
 OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
 OK_(crypt_suspend(cd, CDEVICE_1));
 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
diff --git a/tests/api-test.c b/tests/api-test.c
index a78800db..fdf9168c 100644
--- a/tests/api-test.c
+++ b/tests/api-test.c
@@ -678,6 +678,7 @@ static void UseLuksDevice(void)
 static void SuspendDevice(void)
 {
+ struct crypt_active_device cad;
 int suspend_status;
 OK_(crypt_init(&cd, DEVICE_1));
@@ -693,12 +694,18 @@ static void SuspendDevice(void)
 }
 OK_(suspend_status);
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+
 FAIL_(crypt_suspend(cd, CDEVICE_1), "already suspended");
 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)-1), "wrong key");
 OK_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)));
 FAIL_(crypt_resume_by_passphrase(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEY1, strlen(KEY1)), "not suspended");
+ OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));
+ EQ_(0, cad.flags & CRYPT_ACTIVATE_SUSPENDED);
+
 OK_(prepare_keyfile(KEYFILE1, KEY1, strlen(KEY1)));
 OK_(crypt_suspend(cd, CDEVICE_1));
 FAIL_(crypt_resume_by_keyfile(cd, CDEVICE_1, CRYPT_ANY_SLOT, KEYFILE1 "blah", 0), "wrong keyfile");
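Review bot: The new assertions in SuspendDevice (tests/api-test-2.c, and the same pattern in the tests/api-test.c hunks) cover the flag only around the passphrase resume. The `OK_(crypt_suspend(cd, CDEVICE_1));` that opens the keyfile cycle is followed by no flag check in the visible lines, so a regression in which a second suspend is not reported would go unnoticed. After that call I would repeat `OK_(crypt_get_active_device(cd, CDEVICE_1, &cad));` and `EQ_(CRYPT_ACTIVATE_SUSPENDED, cad.flags & CRYPT_ACTIVATE_SUSPENDED);`. The function continues outside the hunks, so the keyfile path may already be checked further down.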
diff --git a/tests/compat-test b/tests/compat-test
index f9b9afcf..a61453ea 100755
--- a/tests/compat-test
+++ b/tests/compat-test
@@ -696,6 +696,7 @@ $CRYPTSETUP luksSuspend $DEV_NAME 2>/dev/null && fail
 echo $PWD1 | $CRYPTSETUP -q luksFormat --type luks1 $FAST_PBKDF_OPT $LOOPDEV || fail
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
+$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
 $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
 echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
diff --git a/tests/compat-test2 b/tests/compat-test2
index 63ee271f..2ff69974 100755
--- a/tests/compat-test2
+++ b/tests/compat-test2
@@ -641,6 +641,7 @@ prepare "[26] Suspend/Resume" wipe
 echo $PWD1 | $CRYPTSETUP -q luksFormat $FAST_PBKDF_OPT --type luks2 $LOOPDEV || fail
 echo $PWD1 | $CRYPTSETUP -q luksOpen $LOOPDEV $DEV_NAME || fail
 $CRYPTSETUP luksSuspend $DEV_NAME || fail
+$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" || fail
 $CRYPTSETUP -q resize $DEV_NAME 2>/dev/null && fail
 echo $PWDW | $CRYPTSETUP luksResume $DEV_NAME 2>/dev/null && fail
 [ $? -ne 2 ] && fail "luksResume should return EPERM exit code"
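Review bot: The added check in tests/compat-test (and the identical line in tests/compat-test2) asserts only the positive case. Nothing in the visible hunk verifies that `(suspended)` disappears from `status` after a successful luksResume, so a flag that sticks would still pass. Once the resume that is expected to succeed has run (it lies outside the hunk), add `$CRYPTSETUP -q status $DEV_NAME | grep -q "(suspended)" && fail`. Using `grep -qF` would also make it explicit that the parentheses are matched literally.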