2.5.1.2 Ensure all user storage APFS volumes are encrypted

Warning! Audit Deprecated

This audit has been deprecated and will be removed in a future update.

Information

Apple developed a new file system, APFS, which was first made available in macOS 10.12 and became the default in 10.13. The file system is optimized for flash and solid-state storage and for encryption (https://en.wikipedia.org/wiki/Apple_File_System). An APFS-formatted macOS system generally has several volumes in its container, including Preboot, Recovery and Virtual Memory (VM) volumes, as well as the traditional user volumes.

All APFS volumes that do not have a specific role should be encrypted. Volumes that carry a role (Preboot, Recovery and VM) are excluded from this check. User volumes are shown with the role '(No specific role)' by default in diskutil output.

Rationale:

In order to protect user data from loss or tampering, volumes carrying that data should be encrypted.

Impact:

While FileVault protects the boot volume, data copied to other attached storage is not covered by it, which reduces the protection FileVault affords. Ensure all user volumes are encrypted so that data on them is protected as well.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Use Disk Utility to erase the user disk and format it as APFS (Encrypted). Erasing destroys the existing contents, so back the volume up first. An existing APFS volume can also be encrypted in place with 'diskutil apfs encryptVolume', which avoids the erase.
Note: In the output of 'diskutil apfs list' (abbreviated 'diskutil ap list'), encrypted APFS volumes are reported as 'FileVault: Yes' whether or not they are the boot volume.
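As an added example, not part of the CIS benchmark or the Nessus audit, the following POSIX shell script implements the check described above: it parses 'diskutil apfs list' output and reports every volume whose role is '(No specific role)' and whose FileVault line does not read 'Yes'. Role volumes (Preboot, Recovery, VM) are skipped. The function names are this example's own, the embedded diskutil output is constructed sample data rather than a capture from a real machine, and the parser assumes the current field names 'APFS Volume Disk (Role):' and 'FileVault:' (older releases that print a different encryption field are not handled). Run it with '--live' on a Mac to audit the host; without arguments it runs against the sample.

```shell
#!/bin/sh
# Added example: audit APFS volume encryption from "diskutil apfs list" output.
# Not part of the CIS benchmark or the Nessus audit; names are this example's own.

# Constructed sample of "diskutil apfs list" output (not captured from a real
# system). The role volumes are unencrypted, as is normal; disk1s5 is a user
# volume with no specific role that is not encrypted, so the audit must fail.
sample_apfs_list() {
    cat <<'EOF'
APFS Container (1 found)
|
+-- Container disk1
    ====================================================
    APFS Container Reference:     disk1
    |
    +-> Volume disk1s1
    |   ---------------------------------------------------
    |   APFS Volume Disk (Role):   disk1s1 (Data)
    |   Name:                      Macintosh HD - Data (Case-insensitive)
    |   Mount Point:               /System/Volumes/Data
    |   FileVault:                 Yes (Unlocked)
    |
    +-> Volume disk1s2
    |   APFS Volume Disk (Role):   disk1s2 (Preboot)
    |   Name:                      Preboot (Case-insensitive)
    |   FileVault:                 No
    |
    +-> Volume disk1s3
    |   APFS Volume Disk (Role):   disk1s3 (Recovery)
    |   Name:                      Recovery (Case-insensitive)
    |   FileVault:                 No
    |
    +-> Volume disk1s4
    |   APFS Volume Disk (Role):   disk1s4 (VM)
    |   Name:                      VM (Case-insensitive)
    |   FileVault:                 No
    |
    +-> Volume disk1s5
    |   APFS Volume Disk (Role):   disk1s5 (No specific role)
    |   Name:                      Scratch (Case-insensitive)
    |   Mount Point:               /Volumes/Scratch
    |   FileVault:                 No
    |
    +-> Volume disk1s6
        APFS Volume Disk (Role):   disk1s6 (No specific role)
        Name:                      Archive (Case-insensitive)
        Mount Point:               /Volumes/Archive
        FileVault:                 Yes (Unlocked)
EOF
}

# Read "diskutil apfs list" text on stdin and print "<device> <name>" for every
# volume with no specific role whose FileVault line is not "Yes".
list_unencrypted_user_volumes() {
    awk '
        # A volume block starts with its role line: remember device and role.
        /APFS Volume Disk \(Role\):/ {
            sub(/.*APFS Volume Disk \(Role\): */, "")
            disk = $1
            user = ($0 ~ /\(No specific role\)/)
            name = ""
            next
        }
        disk != "" && /Name:/ {
            sub(/.*Name: */, "")
            sub(/ \(Case-.*$/, "")
            name = $0
            next
        }
        # "FileVault: Yes (Unlocked)", "Yes (Locked)" or "No" closes the block.
        disk != "" && /FileVault:/ {
            sub(/.*FileVault: */, "")
            if (user && $1 != "Yes") print disk, name
            disk = ""
        }
    '
}

# Return 0 when every no-role volume is encrypted, 1 otherwise (findings printed).
audit_apfs_encryption() {
    findings="$(list_unencrypted_user_volumes)"
    if [ -n "$findings" ]; then
        printf 'FAIL: unencrypted APFS volumes with no specific role:\n%s\n' "$findings"
        return 1
    fi
    echo "PASS: all APFS volumes with no specific role are FileVault-encrypted"
    return 0
}

case "${1:-}" in
    --live) diskutil apfs list | audit_apfs_encryption ;;      # audit this Mac
    *)      sample_apfs_list | audit_apfs_encryption || : ;;   # demo on the sample
esac
```

With '--live' the script's exit status is the audit result, so it can be dropped into a configuration-management check as is; the FileVault value is taken from the first word only, so both 'Yes (Unlocked)' and 'Yes (Locked)' count as encrypted.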

See Also

https://workbench.cisecurity.org/files/4178