The ACT uses a managed version of the SHA256 hash algorithm that is not FIPS-compliant.
To fix this, I downloaded the source code for the last December 2013 version of ACT (4.1.7.1213), and recompiled the toolkit with this code change in place. This code is in the ToolscriptManagerHelper.cs source file (which doesn't exist in the latest ACT version).
<pre lang="vb">//Change this to support FIPS compliance:
//using (SHA256 hashAlgorithm = new SHA256Managed())
using (HashAlgorithm hashAlgorithm = new SHA256CryptoServiceProvider())</pre>
Someone else found this solution and submitted a change request, but I don't think it was ever merged with the main code.
Your other alternatives are to upgrade to a newer version of the ACT (although I'm not sure which versions are/aren't FIPS-compliant), or disable FIPS enforcement.
I'm thinking about hosting an updated version to save others the trouble, but don't have time to do it right now.