Zoom achieves new global security standards for core products with ISMAP registration
Zoom is now registered with the Information system Security Management and Assessment Program (ISMAP). Find out what this means for our customers.
Updated on September 12, 2022
Published on January 28, 2022
From instant messaging on Zoom Team Chat to quickly scheduling Zoom Meetings to even making frictionless calls with Zoom Phone, the Zoom desktop client — downloadable Zoom app for your computer — helps users quickly and safely launch the communication channel of their choice.
Underpinned by our standard 256-bit AES-GCM encryption, the Zoom client helps enable seamless and secure collaboration — it’s even recently become the first video communications client to obtain the industry-recognized Common Criteria certification for the Zoom Meeting client version 5.6.6.
While it’s home to numerous security features, we wanted to highlight a few key aspects of the Zoom desktop client that users can deploy to help protect their communications.
Here are five key security features included in the desktop client:
To help authenticate Zoom users in schools and business environments as they log into the client, we offer a single sign-on (SSO) feature that creates a safe and quick login process. If you can not use single sign-on, we recommend using two-factor authentication (2FA) to still add an extra layer of security to the process.
While both of these options require initial setup from administrators, an authenticated login process will help users start their experience with the Zoom client on the right foot.
You can also log in via an OAuth process, which allows you to approve one application — Google or Facebook — to interact with Zoom on your behalf so you don’t have to manually enter a password. For any users manually logging in without using any of these protocols, we recommend you deploy a strong and complex password.
When scheduling a Zoom Meeting, you can quickly toggle on a few settings right within the client to help safeguard your upcoming session.
Head to “Home” in the top navigation of the Zoom client and click “Schedule.” Then, a pop-up will emerge that enables you to tailor the meeting settings to your individual needs. There’s an entire “Security” section included in this pop-up, where you can select from options like, “Only authenticated users can join” and “Waiting Room” to add on helpful layers of protection.
You can also select your preferred encryption for the meeting, choosing from enhanced encryption or our end-to-end encryption (E2EE) option. Both options use our standard 256-bit AES-GCM encryption, with the difference being where the encryption keys are stored. With E2EE enabled, the cryptographic keys are known only to the devices of the meeting participants. Enabling E2EE for meetings disables certain features and requires all meeting participants to join from the Zoom desktop client, mobile app, or Zoom Rooms.
For more tips on how to secure your Zoom Meetings, check out this blog.
We recently released an automatic update feature designed to help streamline the software update and bug patching process. You can turn on automatic updates right in the Zoom client by following these quick steps:
Users who enable this feature will automatically receive updates to Zoom software in the future. This feature may already be enabled for some devices on enterprise Zoom accounts, where the administrator has existing auto-update settings enabled.
Advanced chat encryption allows for a secured communication where only the intended recipient can read the secured message. While this feature has to be enabled by account administrators, users can deploy it when communicating about particularly sensitive information in a one-to-one or group chat.
When advanced chat encryption is enabled, data at rest is encrypted by encryption keys generated and operated on chat participants' devices. Chat data in transit, however, is encrypted in transit using Transport Layer Security (TLS) encryption.
If you’ve accepted an unknown external contact request or are experiencing disruptive behavior from a fellow user, you have the ability to block them. Just go to a user’s name on the left side of the Zoom Team Chat window, and click the “Options” arrow on the right side of the bar. From that drop-down menu, you can block a user. All blocked users will show up in “Settings” under “Chat,” where you can manage the list and unblock a user, as shown below.
Our unified communications experience is built with security in mind, and our users’ safety, security, and privacy help guide new platform updates we make. We’re committed to being a platform users can trust — with their online interactions, information, and business.
To learn more about Zoom privacy and security, explore our Trust Center.