Is WinZip AES FIPS 140-2 compliant?

Starting with WinZip version 18.5, WinZip Courier version 7.0, and WinZip Command Line Support Add-on version 5.0, WinZip Enterprise can be deployed to take advantage of the Windows FIPS 140-2 validated cryptographic modules when they have been enabled for use on Windows 10, Windows 8, or Windows 7 systems through the local or group security policy. When configured this way, WinZip satisfies all Federal requirements to ensure your organization meets government requirements for FIPS 140-2 certified encryption, both at rest and during exchanges.

WinZip can be configured to follow the Windows FIPS security policy or it can be configured itself for FIPS 140-2 compliancy. In either case, WinZip operates in FIPS-approved mode, using only the FIPS 140 approved algorithms for hashing and encryption that are provided by the FIPS-validated Windows cryptographic modules. Also, WinZip supports only the AES method for both encryption and decryption when in this mode.

WinZip's FIPS support can be adjusted to the requirements of your organization. Both a Strict mode and a Relaxed mode are available options.

When the Windows FIPS 140 compliancy is disabled, WinZip uses its own cryptographic modules to provide both AES and Zip 2.0 encryption methods. As with earlier versions of WinZip, these modules are not FIPS 140-2 compliant, though they provide FIPS 197 certified AES encryption technology and implementation. Similarly, for WinZip Enterprise versions and versions earlier than 18.5, neither WinZip nor any of its modules are FIPS 140-2 compliant but earlier versions, when using AES encryption, are FIPS 197 certified.

If you have any questions about this information, please submit a Technical Support ticket.