FIPS may only be required in many of these US gov/contractor applications if encryption is defined as the only mechanism protecting confidentiality of the data. If the server cluster is appropriately physically protected and separate VLANS are used to isolate ceph/management/ipmi/corosync from each other and from user facing workloads, then using encryption on ceph or zfs may count towards a defense-in-depth, ie- going above and beyond the requirement, even if the encryption isn't being performed by a fips validated module.
Having a FIPS validated module involved to protect the confidentiality of the data as it flies over networks outside of that controlled server room is important for these applications. This requirement could be met by configuring the underlying workload hosted within proxmox to use a FIPS validated module, for example, file shares on a Windows Server, SMB can be configured to use an encryption algorithm that is part of the fips framework, and the underlying modules in the windows server/desktop systems are already fips validated (for applicable encryption modes). One could go a step further and enforce fips mode on the windows server/computers, but this may break other services and may not be strictly required to demonstrate compliance.
