In order for devices to be fully compliant—as defined in the Information Security Office (ISO) standards—all internal partitions must be encrypted. The initial SWDE (Stanford Whole Disk Encryption) enrollment procedure only encrypts the “system” partition in multi-partition Macs. All internal, non-system partitions are encrypted manually from within Finder.
- Launch Finder and select the non-system partition. Right-click (or CTRL + click) the partition name and select Encrypt <partition name>.
- Create an encryption password. This can be any password you choose but don’t forget it. It will be required the next time you login to the Mac. Then, click Encrypt Disk.
- When encryption is complete the menu item will change to Decrypt <partition name>.
- The next time you reboot your Mac or log in you will be prompted to enter your encryption password to unlock the encrypted volume. This happens every reboot or login unless the password is saved in the keychain.