The client has an unencrypted Mac computer (OS X Lion - 10.7 - or later) and needs to protect sensitive files. A high-risk user has a Mac computer (OS X Lion or later) and doesn't know if full-disk encryption is enabled.
Edit me

Full-Disk Encryption on Mac with FileVault 2

Protect sensitive files in a Mac computer


  • An at-risk user needs to protect sensitive files from theft or access by unauthorized persons.
  • An at-risk user doesn’t know how to securely store copies of important and/or sensitive files.


FileVault 2 is an encryption tool inbuilt in Mac OS X that provides on-the-fly encryption and decryption for the content of the entire disk and/or home folder and sub-folders of a Mac OS X computer.

FileVault requires OS X Lion (10.7) or later. It uses the user’s login password as the encryption passphrase. It uses the AES-XTS mode of AES with 128 bit blocks and a 256 bit key to encrypt the disk. Only unlock-enabled users can start or unlock the drive. Once unlocked, other users may also use the computer until it is shut down.