DOCSP-29874 Expands FIPS clarification - Backport to v4.4 (#3326)

* DOCSP-29874 Expands FIPS clarification (#3220)

* DOCSP-29874 Expands FIPS clarification

* Fixes per Sarah Olsen

* Changes per Kenn's review

* Changes per Kenn's review

* Fixes spacing issue

---------

Co-authored-by: Ashley Brown <[email protected]>

* Fixes build issue

---------

Co-authored-by: Ashley Brown <[email protected]>

Author: kennethdyer

source/core/security-encryption-at-rest.txt

@@ -49,7 +49,24 @@ Standard in Cipher Block Chaining mode) via OpenSSL. AES-256 uses a
 symmetric key; i.e. the same key to encrypt and decrypt text. MongoDB
 Enterprise for Linux also supports authenticated encryption
 ``AES256-GCM`` (or 256-bit Advanced Encryption Standard in
-Galois/Counter Mode). FIPS mode encryption is also available.
+Galois/Counter Mode). 
+
+The Encrypted Storage Engine uses the certified cryptography provider 
+of the underlying operating system to perform cryptographic operations.
+For example, a MongoDB installation on a Linux operating system 
+uses the OpenSSL ``libcrypto`` FIPS-140 module.
+
+To run MongoDB in a FIPS-compliant mode:
+
+#. Configure the operating system to run in FIPS-enforcing mode.
+
+#. Configure MongoDB to enable the :setting:`net.tls.FIPSMode` setting.
+
+#. Restart the ``mongod`` or ``mongos``.
+
+#. Check the server log file to confirm that FIPS mode is enabled. If FIPS mode is enabled, the message ``FIPS 140-2 mode activated`` appears in the log file.
+
+For more information, see :ref:`configure-mdb-for-fips`.
 
 .. note:: AES256-GCM and Filesystem Backups
 

source/tutorial/configure-fips.txt

@@ -1,3 +1,5 @@
+.. _configure-mdb-for-fips:
+
 ==========================
 Configure MongoDB for FIPS
 ==========================