|The FIPS 140-2 compliance feature requires a WinZip Enterprise registration.
Starting with WinZip version 18.5 and WinZip Courier version 7.0, WinZip Enterprise can be deployed to take advantage of the Windows FIPS 140-2 validated cryptographic modules when they have been enabled for use on Windows 10, Windows 8, Windows 7, or Windows Vista systems through the local or group security policy. When configured this way, WinZip satisfies all Federal requirements to ensure your organization meets government requirements for FIPS 140-2 certified encryption, both at rest and during exchange.
When both Windows and WinZip are configured for FIPS 140-2 compliancy, WinZip operates in FIPS-approved mode, using only the FIPS 140 approved algorithms for hashing and encryption that are provided by the FIPS-validated Windows cryptographic modules. In this mode, WinZip supports only the AES method for both encryption and decryption.
WinZip's FIPS support can be adjusted to the requirements of your organization. Both a Strict mode and a Relaxed mode are available options.
When the Windows FIPS 140 compliancy is disabled, WinZip uses its own cryptographic modules to provide both AES and Zip 2.0 encryption methods. As with earlier versions of WinZip, these modules are not FIPS 140-2 compliant, though they provide FIPS 197 certified AES encryption technology and implementation. Similarly, for WinZip Enterprise versions and versions earlier than 18.5, neither WinZip nor any of its modules are FIPS 140-2 compliant but earlier versions, when using AES encryption, are FIPS 197 certified.