Commit 6694101

terryquigleysas, kolchfa-aws, and natebower authored
Update field-masking.md - add FIPS note (#11542)
* Update field-masking.md for version 3.x

  Signed-off-by: Terry Quigley <[email protected]>

* Update field-masking.md for version 3.x

  Signed-off-by: Terry Quigley <[email protected]>

* Update field-masking.md - add FIPS note

  Signed-off-by: Terry Quigley <[email protected]>

* Update _security/access-control/field-masking.md

  Signed-off-by: kolchfa-aws <[email protected]>

* Update _security/access-control/field-masking.md

  Signed-off-by: Nathan Bower <[email protected]>

---------

Signed-off-by: Terry Quigley <[email protected]>
Signed-off-by: kolchfa-aws <[email protected]>
Signed-off-by: Nathan Bower <[email protected]>
Co-authored-by: kolchfa-aws <[email protected]>
Co-authored-by: Nathan Bower <[email protected]>
1 parent fc5976c commit 6694101

1 file changed

+3
-0
lines changed

_security/access-control/field-masking.md

Lines changed: 3 additions & 0 deletions
@@ -96,6 +96,9 @@ See [Create role]({{site.url}}{{site.baseurl}}/security/access-control/api/#crea
9696

9797
By default, the Security plugin uses the BLAKE2b algorithm, but you can use any hashing algorithm that your JVM provides. This list typically includes MD5, SHA-1, SHA-384, and SHA-512.
9898

99+
BLAKE2b and several other commonly available algorithms, such as MD5 and SHA-1, are not approved for use in FIPS 140-3-compliant environments. If your deployment requires FIPS compliance, configure the plugin to use a FIPS-approved algorithm, such as SHA-256 or SHA-512, and make sure that the underlying cryptographic provider (for example, Bouncy Castle FIPS or another FIPS-validated JCE provider) is installed and configured correctly.
100+
{: .note}
101+
99102
You can override the default algorithm in `opensearch.yml` using the optional default masking algorithm setting `plugins.security.masked_fields.algorithm.default`, as shown in the following example:
100103

101104
```yml
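
Review bot: The new note at added line 99 tells readers to "configure the plugin to use a FIPS-approved algorithm" before the page has named the setting that does this; `plugins.security.masked_fields.algorithm.default` is only introduced in the following paragraph (line 102). Consider moving the note below the `opensearch.yml` example, or naming the setting inside the note, so that a reader who lands on the note can act on it directly. The note also recommends "SHA-256 or SHA-512", while the preceding sentence lists "MD5, SHA-1, SHA-384, and SHA-512" as the typical JVM-provided algorithms; aligning the two lists (for example by adding SHA-256 to the first) would avoid doubt about whether SHA-256 is available. Finally, the note attributes algorithm approval to FIPS 140-3, which covers validation of the cryptographic module; it would be more precise to say the algorithm must be FIPS-approved and the provider FIPS 140-3 validated, which is the distinction the second half of the sentence already draws.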
