Lisa's suggestions
Signed-off-by: Mark Drake <[email protected]>
SharpRake committed Feb 9, 2024
1 parent a5867e9 commit cef44e4
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions content/chainguard/chainguard-images/fips-images.md
Expand Up @@ -15,12 +15,12 @@ weight: 600
toc: true
---

One of the primary requirements of federal compliance frameworks — including [FedRAMP](https://www.fedramp.gov/program-basics/) — is to use FIPS-validated cryptography. Chainguard offers FIPS-enabled versions of a number of its Images. This conceptual article provides a high-level overview of what FIPS is and how Chainguard's FIPS-enabled Images are built.
One of the primary requirements of federal compliance frameworks — including [FedRAMP](https://www.fedramp.gov/program-basics/) — is to use FIPS-validated cryptography. Chainguard offers FIPS-enabled versions of a number of its Images. This article provides a high-level overview of what FIPS is and how Chainguard's FIPS-enabled Images are built.


## What is FIPS?

The [Federal Information Processing Standards](https://www.nist.gov/itl/publications-0/federal-information-processing-standards-fips), or FIPS, is a set of standards vendors providing data processing services to the US and Canadian governments must adhere to. FIPS was developed by the National Institute of Standards and Technology (NIST), an agency within the United States Department of Commerce.
The [Federal Information Processing Standards](https://www.nist.gov/itl/publications-0/federal-information-processing-standards-fips), or FIPS, is a set of standards vendors must adhere to when providing data processing services to the US and Canadian governments. FIPS was developed by the National Institute of Standards and Technology (NIST), an agency within the United States Department of Commerce.

NIST has published a number of different FIPS standards. The FIPS standard that concerns Chainguard Images is the 140 series which specify requirements for cryptographic modules. Currently, there are two active FIPS 140 standards: FIPS 140-2 and 140-3. FIPS 140-2 is scheduled to expire on September 21, 2026 as the industry transitions to the newer 140-3 standard.

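Review bot: the unchanged context at the end of this hunk has a number-agreement slip that could be fixed in the same pass: `The FIPS standard that concerns Chainguard Images is the 140 series which specify requirements for cryptographic modules.` should read `the 140 series, which specifies requirements for cryptographic modules`. The two wording changes in the hunk (dropping `conceptual`, and moving `must adhere to` next to `vendors`) both read cleanly and do not alter the meaning.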
Expand All @@ -34,25 +34,25 @@ Chainguard submitted a request for [Cryptographic Module Validation Program (CMV

By including this redistribution of the OpenSSL FIPS module, Chainguard is able to provide Images that use FIPS-validated cryptography until the official certificate comes through. You can find the submission status on [NIST’s Modules in Process list](https://csrc.nist.gov/Projects/cryptographic-module-validation-program/modules-in-process/Modules-In-Process-List). We also run tests on each of our FIPS Images to ensure the given application is configured with FIPS-validated cryptography end-to-end.

Additionally, Chainguard is already prepared for the migration to FIPS 140-3 in the near future because we provide the OpenSSL 3.1 module required for certification. We expect the certification process for this module to begin in 2024.
Additionally, Chainguard is already prepared for the migration to FIPS 140-3 in the near future because we provide the OpenSSL 3.1 module required for certification. It is expected that the certification process for this module will begin in 2024.


### Regarding Java-based FIPS Images
As mentioned previously, Chainguard provides several FIPS-ready Images that are based on Java. However, this presents some problems because Java applications generally don't leverage OpenSSL for cryptography and there isn't another cryptographic library serving as a widely-used standard for Java applications. For these reasons, Chainguard's Java-based Images instead ship with the [FIPS variant of the Bouncy Castle Crypto package](https://www.bouncycastle.org/fips_faq.html), a Java implementation of cryptographic algorithms.
As mentioned previously, Chainguard provides several FIPS-ready Images that are based on Java. However, this presents some challenges because Java applications generally don't leverage OpenSSL for cryptography and there isn't another cryptographic library serving as a widely-used standard for Java applications. For these reasons, Chainguard's Java-based Images instead ship with the [FIPS variant of the Bouncy Castle Crypto package](https://www.bouncycastle.org/fips_faq.html), a Java implementation of cryptographic algorithms.

Some Java applications may bundle their own cryptographic libraries at the application level. In these cases, Chainguard can only build a FIPS-enabled Image if the bundled libraries are FIPS-compliant or the applications in question support use with FIPS-compliant variants like Bouncy Castle's. Other Java applications do not bundle cryptographic libraries, instead relying on the bundled cryptography providers from the JRE.

If the underlying JRE/JDK on the host system is FIPS compliant, then theoretically, the application could also be considered FIPS compliant. However, without explicit support or documentation for FIPS compliance, there is no guarantee that the application will consistently use these FIPS-compliant features. You can refer to the [Java Cryptography Architecture documentation](https://docs.oracle.com/en/java/javase/21/security/java-cryptography-architecture-jca-reference-guide.html#GUID-2BCFDD85-D533-4E6C-8CE9-29990DEB0190) for more information.

There are many cases where Chainguard cannot make a Java application fully FIPS compliant, as it depends heavily on the application itself, specifically how it is architected and what it supports.
The full FIPS compliance of a Java application and its related image depends heavily on the application itself, specifically how it is architected and what it supports.

## A note about FIPS compliance

To ensure your organization is FIPS compliant, you'll need to do more than just install the OpenSSL module. Your organization's software must also be correctly configured to use only approved cryptographic algorithms.

In order to help customers ensure their applications are running in FIPS mode, Chainguard provides a useful utility, called [`openssl-fips-test`](https://github.com/chainguard-dev/openssl-fips-test), in our FIPS-enabled Images that allows you to verify that the OpenSSL FIPS module is properly installed and configured. When called, this utility will run a series of tests to make sure only the approved algorithms are active and will return an error if the FIPS module is not correctly configured.
In order to help customers ensure their applications are running in FIPS mode, Chainguard provides [`openssl-fips-test`](https://github.com/chainguard-dev/openssl-fips-test), a useful utility in our FIPS-enabled Images that allows you to verify that the OpenSSL FIPS module is properly installed and configured. When called, this utility will run a series of tests to make sure only the approved algorithms are active and will return an error if the FIPS module is not correctly configured.

Be aware that this tool can only detect whether or not OpenSSL is properly configured. This tool does not validate whether any other element in an overall delivered configuration is, or is not, FIPS 140-2/140-3 compliant. It only tests whether OpenSSL is properly configured and making use of the FIPS module correctly. Any applications and languages must be built to use the [OpenSSL Cryptographic library](https://www.openssl.org/docs/man3.0/man7/crypto.html) (also known as `libcrypto`) in order for the OpenSSL FIPS configuration to be useful.
Be aware that this tool can only detect whether or not OpenSSL is properly configured. This tool does not validate whether any other element in an overall delivered configuration is, or is not, FIPS 140-2/140-3 compliant. It only tests whether OpenSSL is properly configured and makes use of the FIPS module correctly. Any applications and languages must be built to use the [OpenSSL Cryptographic library](https://www.openssl.org/docs/man3.0/man7/crypto.html) (also known as `libcrypto`) in order for the OpenSSL FIPS configuration to be useful.


## Learn more
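Review bot: the rewrite of the Java paragraph changes the claim, not just the wording. `There are many cases where Chainguard cannot make a Java application fully FIPS compliant` is an explicit limitation; the replacement `The full FIPS compliance of a Java application and its related image depends heavily on the application itself` no longer tells the reader that some Java Images cannot be made fully FIPS compliant at all. If that limitation still holds, keep it explicit, e.g. `In many cases Chainguard cannot make a Java application fully FIPS compliant, because this depends heavily on how the application is architected and what it supports.` Two smaller points in the same hunk: changing `We expect the certification process for this module to begin in 2024` to `It is expected that ...` drops the owner of the expectation without gaining clarity, and the text uses both `FIPS-ready Images` and `FIPS-enabled Images` for the same thing; pick one term.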
