2.12 Securely delete files as needed

Information

Securely removing files mitigates the risk of an admin user on the system recovering sensitive files that the user has deleted. It is possible for anyone with physical access to the device to get access if FileVault is not used, or to recover deleted data if the FileVault volume is already mounted.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

Securely deleting files can take a long time. With FileVault in place, the protection is erasing data within an already encrypted volume. This control does not affect the use of the rm command in the terminal. Users who rarely have large files to erase can use srm:
- cd ~/.Trash
- srm myproject-cui.pptx

See Also

https://workbench.cisecurity.org/files/301