5.3.1 Ensure all user storage APFS volumes are encrypted

Information

Apple developed a new file system, APFS, which was first made available in 10.12 and became the default in 10.13. The file system is optimized for flash and solid-state storage and for encryption.

https://en.wikipedia.org/wiki/Apple_File_System

macOS computers generally have several volumes created as part of APFS formatting, including Preboot, Recovery and Virtual Memory (VM), as well as traditional user disks.

All APFS volumes that do not have a specific role should be encrypted; "role" volumes (Preboot, Recovery and VM) do not require encryption. User volumes are labelled "(No specific role)" by default.

In order to protect user data from loss or tampering, volumes carrying data should be encrypted.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Use Disk Utility to erase a user disk and format as APFS (Encrypted).

Note: In the output of diskutil ap list, encrypted APFS volumes are described as "FileVault" whether or not they are the boot volume.
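As an added example (not part of the Tenable audit or the CIS benchmark), the following POSIX shell helper parses text in the format of diskutil ap list and flags every "(No specific role)" volume whose FileVault line is not "Yes"; the field labels and the embedded sample output are assumptions modelled on macOS output, not captured from a real system.

```shell
# Added example: audit helper for the "user APFS volumes encrypted" check.
# Field labels ("APFS Volume Disk (Role):", "FileVault:") are assumed from macOS.

# Emit one "disk|role|FileVault" record per APFS volume found in the input.
parse_apfs_volumes() {
    awk '
        /APFS Volume Disk \(Role\):/ {
            line = $0
            sub(/.*\(Role\):[ \t]*/, "", line)        # "disk1s5 (No specific role)"
            disk = line; sub(/ .*/, "", disk)          # "disk1s5"
            role = line; sub(/^[^ ]+ +\(/, "", role)   # "No specific role)"
            sub(/\).*/, "", role)                      # "No specific role"
        }
        /FileVault:/ && disk != "" {
            fv = $0; sub(/.*FileVault:[ \t]*/, "", fv) # "Yes (Unlocked)" or "No"
            sub(/ .*/, "", fv)                         # "Yes" or "No"
            printf "%s|%s|%s\n", disk, role, fv; disk = ""
        }
    '
}

# Exit 0 when every "No specific role" volume reports FileVault: Yes; otherwise
# print each non-compliant volume and exit 1. Role volumes are ignored, since the
# benchmark scopes this check to user volumes only.
audit_apfs_volumes() {
    parse_apfs_volumes | awk -F'|' '
        $2 == "No specific role" && $3 != "Yes" {
            print "NON-COMPLIANT: " $1 " (" $2 ") FileVault=" $3; bad++
        }
        END { exit (bad > 0) }
    '
}

# Constructed sample of diskutil ap list output (not captured from a real Mac).
SAMPLE_AP_LIST='    +-> Volume disk1s1 <UUID>
    |   APFS Volume Disk (Role):   disk1s1 (Data)
    |   FileVault:                 Yes (Unlocked)
    |
    +-> Volume disk1s2 <UUID>
    |   APFS Volume Disk (Role):   disk1s2 (Preboot)
    |   FileVault:                 No
    |
    +-> Volume disk1s5 <UUID>
    |   APFS Volume Disk (Role):   disk1s5 (No specific role)
    |   FileVault:                 No
    |
    +-> Volume disk3s1 <UUID>
    |   APFS Volume Disk (Role):   disk3s1 (No specific role)
    |   FileVault:                 Yes (Unlocked)'
```

On a Mac the live check is `diskutil ap list | audit_apfs_volumes`; on the sample it reports disk1s5 as non-compliant and leaves the Preboot volume alone.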

Impact:

While FileVault protects the boot volume, data copied to other attached storage loses that protection unless those volumes are encrypted as well. Ensure all user volumes are encrypted to protect data.

See Also

https://workbench.cisecurity.org/benchmarks/15551

Item Details

Category: IDENTIFICATION AND AUTHENTICATION, SYSTEM AND COMMUNICATIONS PROTECTION

References: 800-53|IA-5(1), 800-53|SC-28, 800-53|SC-28(1), CSCv7|13.6, CSCv7|14.8

Plugin: Unix

Control ID: 2325123df19bae4aeaab45aa245d467aec666f61498ba4a144b11c4d710154db