
Would you say there’s a brown M&M’s aspect (intentional or otherwise) to FIPS-140, or is it all just bowing to the sovereign for his indulgences?


Not really. It isn't hard to use FIPS-validated software, it's just annoying to do because most libraries you would want to use aren't FIPS compliant by default for good reasons. If you can get a government contract in the first place you are already administratively competent enough to use FIPS.


> If you can get a government contract in the first place you are already administratively competent enough to use FIPS.

Speaking as a sysadmin for a local government roped into FIPS requirements by way of FBI CJIS compliance, I can safely say your assumption of competence is incorrect.


It may be that just everyone else is even more so incompetent.


Yeah, I don't think there's any malice to any of this; FIPS is just the product of a particularly conservative (backwards-looking, path-dependent) and market-unaccountable standards process. It's like what would happen if JPMC had so much market power that they could make their own cryptographic standard; it would, I am saying, suck ass, without anyone meaning for it to.


> If you can get a government contract in the first place you are already administratively competent enough to use FIPS.

My personal experience disagrees.



