Details
FileVault secures a system’s data by automatically encrypting its boot volume and requiring a password or recovery key to access it.
Rationale:
Encrypting sensitive data minimizes the likelihood of unauthorized users gaining access to it.
Impact:
Mounting a FileVaulted volume from an alternate boot source will require a valid password to decrypt it.
Solution
Perform the following to implement the prescribed state:
1. Open System Preferences
2. Select Security & Privacy
3. Select FileVault
4. Select Turn on FileVault
Additional Information:
FileVault may not be desirable on a virtual OS. As long as the hypervisor and file storage are encrypted, the virtual OS does not need to be. Rather than detecting that the OS is virtual and passing the control regardless of the host system's encryption, the normal check will be run. Security officials can evaluate the comprehensive controls outside of the OS being tested.
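A command-line form of the check, as an added example that is not part of the original control text: it classifies the output of the macOS `fdesetup status` command and, in line with the note above, makes no exemption for virtual machines. The function names and the PASS/FAIL/REVIEW labels are assumptions of this example, and the status strings in the comments are constructed samples.

```shell
#!/bin/sh
# Added example: audit the FileVault control from the command line.
# Function names and result labels are this example's own choices.

# classify_filevault TEXT
# Maps the text printed by `fdesetup status` to an audit result:
#   PASS   - boot volume is encrypted
#   FAIL   - FileVault is off, or the volume is being decrypted
#   REVIEW - encryption still running, or output not recognised
classify_filevault() {
    status_text=$1
    case "$status_text" in
        # In-progress states are tested first because they can appear
        # on a second line after an "is On."/"is Off." line.
        *"Decryption in progress"*) echo "FAIL" ;;
        *"Encryption in progress"*) echo "REVIEW" ;;
        *"FileVault is On."*)       echo "PASS" ;;
        *"FileVault is Off."*)      echo "FAIL" ;;
        *)                          echo "REVIEW" ;;
    esac
}

# audit_filevault
# Runs the real check on the local machine. No virtual-machine exemption:
# a guest OS without FileVault fails here, and host-level encryption is
# evaluated separately by whoever reviews the result.
audit_filevault() {
    if ! command -v fdesetup >/dev/null 2>&1; then
        # Not macOS, or fdesetup is missing: cannot decide automatically.
        echo "REVIEW"
        return 0
    fi
    classify_filevault "$(fdesetup status 2>&1)"
}

# Constructed sample inputs (not captured from a real system):
#   classify_filevault "FileVault is On."
#   classify_filevault "FileVault is Off."
#   classify_filevault "Encryption in progress: Percent completed = 40"

echo "FileVault control: $(audit_filevault)"
```
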
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: System and Communications Protection. This control applies to the following type of system: Unix.