
I'm trying to search in their manual, but there is nothing explicit mentioned as to what type of encryption should be used and how it should be done.

Can I assume that if I use EFS on the entire USER directory that it will be perfectly acceptable in terms of compliance?

Jason Pass

1 Answer


In most cases where regulations mandate encryption at rest, it generally would apply to the system as a whole due to the fact that the regulated data will frequently be copied into logs, swap space, and other areas of the system. Likewise, it would be accessed by other applications on the system for things like file integrity monitoring, backup, anti-virus scanning, etc.

For these reasons, just encrypting the USER directory would not normally be acceptable. Likewise, there are additional security risks to not doing full-disk encryption in the event the system (or its backup) is compromised.

Trey Blalock
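
The following is an added example, not part of the question or the answer above: a PowerShell audit that lists the places the answer names (swap space, logs) alongside the user profile and reports whether the volume holding each one has active BitLocker full-disk encryption. It assumes an elevated session, an edition of Windows that ships the BitLocker module, and default Windows paths for event logs, system temp and the hibernation file.

```powershell
#Requires -RunAsAdministrator
# Added audit example. Paths are Windows defaults (assumption); adjust as needed.

# Index BitLocker volumes by drive letter, e.g. "C:".
$bitlocker = @{}
foreach ($v in Get-BitLockerVolume) { $bitlocker[$v.MountPoint.TrimEnd('\')] = $v }

# Locations where regulated data can land, inside and outside the user profile.
$locations = [ordered]@{
    'User profile'     = $env:USERPROFILE
    'Event logs'       = Join-Path $env:SystemRoot 'System32\winevt\Logs'
    'System temp'      = Join-Path $env:SystemRoot 'Temp'
    'Hibernation file' = Join-Path $env:SystemDrive 'hiberfil.sys'
}
# Add every active page file (swap space).
Get-CimInstance Win32_PageFileUsage | ForEach-Object {
    $locations["Page file ($($_.Name))"] = $_.Name
}

$report = foreach ($entry in $locations.GetEnumerator()) {
    $drive = [System.IO.Path]::GetPathRoot($entry.Value).TrimEnd('\')
    $vol   = $bitlocker[$drive]
    [pscustomobject]@{
        Location   = $entry.Key
        Volume     = $drive
        Status     = if ($vol) { $vol.VolumeStatus } else { 'NoBitLockerInfo' }
        Protection = if ($vol) { $vol.ProtectionStatus } else { 'Unknown' }
        # Covered only when the volume is fully encrypted and protection is on.
        Covered    = [bool]($vol -and $vol.VolumeStatus -eq 'FullyEncrypted' -and
                            $vol.ProtectionStatus -eq 'On')
    }
}
$report | Format-Table -AutoSize

# EFS does not encrypt the page file unless this NTFS setting is 1.
$efsPaging = (fsutil behavior query encryptpagingfile) -join ' '
if ($efsPaging -match '=\s*(\d)') { "EncryptPagingFile setting: $($Matches[1])" }

# Summarize locations that sit on volumes without active full-disk encryption.
$gaps = $report | Where-Object { -not $_.Covered }
if ($gaps) { "Not covered by full-disk encryption: $($gaps.Location -join ', ')" }
```

With only EFS applied to the user directory, every row other than the profile depends on the volume-level result, which is the gap the answer describes.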