FIPS 140-2 Certification and Compliance with WinZip

The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products, which are validated by the Cryptographic Module Validation Program (CMVP).

FIPS 140-2 is a set of governmental regulations. It is not an encryption method or file service. Currently, a Zip file created with the FIPS settings turned on looks no different than other encrypted Zip files.

In WinZip itself, you will find that the only encryption method you can use is AES 256. So, if you have not configured a GPO to force that situation and that is what you find, you must have FIPS turned on.
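
As an added example (not WinZip's code and not part of the original article), the script below audits the entries of a Zip archive for the AES 256 encryption described above by reading each entry's AES extra field. The field layout used here (extra ID 0x9901, compression method 99, vendor "AE", strength byte 1 to 3) comes from WinZip's published AES Zip format and is an assumption relative to this page; the sample archive is constructed and carries dummy payloads.

```python
import io
import struct
import zipfile

AES_EXTRA_ID = 0x9901                     # extra-field ID of the WinZip AES format (assumed, see lead-in)
KEY_BITS = {1: 128, 2: 192, 3: 256}       # strength byte -> AES key size

def aes_bits(info):
    """None = not encrypted, 0 = encrypted but not WinZip AES, else key size."""
    if not info.flag_bits & 0x1:          # general-purpose bit 0: entry is encrypted
        return None
    extra = info.extra
    while len(extra) >= 4:                # walk the (id, size, body) records
        tag, size = struct.unpack_from("<HH", extra)
        body = extra[4:4 + size]
        if tag == AES_EXTRA_ID and len(body) >= 7 and info.compress_type == 99:
            _version, vendor, strength, _method = struct.unpack_from("<H2sBH", body)
            if vendor == b"AE":
                return KEY_BITS.get(strength, 0)
        extra = extra[4 + size:]
    return 0

def audit(fileobj):
    """Map every member name to its aes_bits() result; only metadata is read."""
    with zipfile.ZipFile(fileobj) as zf:
        return {i.filename: aes_bits(i) for i in zf.infolist()}

def sample_zip(entries):
    """Constructed archive for the demo. entries: (name, strength) where strength
    is None (plain), 0 (encrypted, no AES record) or 1-3. Payloads are dummy bytes."""
    body, cdir = b"", b""
    for name, strength in entries:
        raw = name.encode()
        extra = struct.pack("<HHH2sBH", AES_EXTRA_ID, 7, 2, b"AE", strength, 8) if strength else b""
        flags = 0 if strength is None else 1
        method = 99 if strength else 0
        common = struct.pack("<5H3I2H", 51, flags, method, 0, 0x21, 0, 4, 4, len(raw), len(extra))
        cdir += (b"PK\x01\x02" + struct.pack("<H", 51) + common
                 + struct.pack("<3H2I", 0, 0, 0, 0, len(body)) + raw + extra)
        body += b"PK\x03\x04" + common + raw + extra + b"\0" * 4
    end = struct.pack("<4H2IH", 0, 0, len(entries), len(entries), len(cdir), len(body), 0)
    return io.BytesIO(body + cdir + b"PK\x05\x06" + end)

if __name__ == "__main__":
    demo = sample_zip([("report.docx", 3), ("old.txt", 1), ("legacy.bin", 0), ("readme.txt", None)])
    for name, bits in audit(demo).items():
        print(f"{name:12} {'AES-256' if bits == 256 else 'NOT AES-256 (' + str(bits) + ')'}")
```

A result of 256 shows only the key size recorded in the archive; as the article notes, the file itself cannot show whether the FIPS setting was on when it was created.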

WinZip's FIPS 140-2 support uses the certification/validation provided by Microsoft for Federal Information Processing Standard (FIPS) 140.

Implementing FIPS 140-2 Standard with WinZip Enterprise

These are the 5 usage scenarios of FIPS 140-2 with WinZip:

Scenario 1 – SharePoint Environment: Installing and using WinZip Enterprise in a domain where SharePoint is the only cloud service made available.

Scenario 2 – Amazon S3 Environment: Installing and using WinZip Enterprise in a domain where Amazon S3 and Office 365 (OneDrive for Business) are the only cloud services being made available.

Scenario 3 – Prepare for FIPS 140-2 Compliance: Installing and using WinZip Enterprise as part of a FIPS 140-2 compliant Windows solution. When choosing to encrypt, each Zip file being created will have AES 256-bit encrypted data and certified Windows components will be used for all encrypting of data. This scenario has no cloud services, and no social media usage. Converting to PDF and placing a watermark on files also protects files that you zip.

Scenario 4 – Multiple Cloud Access Environment: Installing and using WinZip Enterprise in a domain where multiple cloud services are made available, SharePoint being the default.

Scenario 5 – “The Works”, Minus Social Media for Some: Installing WinZip Enterprise by Group Policy and giving the maximum feature set to the “Marketing OU”, but removing Social Media options for those not in the Marketing OU. No default cloud service or share service will be defined. When available, users will be able to set those on their own. The password policy will be the WinZip default, which is a length of 8 characters, and the Password Policy tab in WinZip Options will be available.

The above scenarios are described in the WinZip Enterprise Installation and Configuration Guide, which includes a description, installation preparation, installation steps, and additional information.