fedramp as of last year allows to use not fips validated version in order to patch security vulnerabilities