How to verify if FIPS is enabled in DLP Servers
Article ID: 162757

Products

Data Loss Prevention

Issue/Introduction

I wanted FIPS to be enabled when upgrading DLP Servers to a newer release, so I added the "FIPS_OPTION" parameter to the upgrader command.

Should I receive a verification that FIPS has been enabled when the upgrade completes?


Cause

As per the Install Guide from DLP 16.1:

To install the Symantec Data Loss Prevention software with FIPS encryption enabled

  • Set the FIPS_OPTION as per the below guide:
  • You can also select this option when running the install via the GUI. It is displayed when installing without quiet mode.

Resolution

Once DLP has been installed with FIPS, it is not possible to change that configuration.

Subsequent upgrades of DLP will not change that setting and it is not necessary to continue specifying it.

Additionally, on the Enforce server, you should be able to confirm FIPS is enabled, via the following entry in the Protect.properties file:

# FIPS 140 Mode
com.symantec.crypto.fips140mode = false <OR> true

Note that you cannot change the entry above to switch to a different FIPS mode, and the above entry is only one of the places where the mode is recorded.
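A read-only check of that entry, as an added example (not Symantec's code): it parses the text of Protect.properties and reports how com.symantec.crypto.fips140mode is set. The file path is supplied by the caller because this article does not give it, and flagging duplicate entries with different values as "conflicting" is a choice made for this example.

```python
import re
import sys

KEY = "com.symantec.crypto.fips140mode"  # property name as shown in the article

# key, optional whitespace, '=' or ':' separator, then the value
_LINE = re.compile(r"^\s*" + re.escape(KEY) + r"\s*[=:]\s*(.*?)\s*$")


def fips_mode(text):
    """Return 'enabled', 'disabled', 'missing', 'conflicting' or 'invalid'."""
    values = []
    for line in text.splitlines():
        if line.lstrip().startswith(("#", "!")):  # comment lines in a properties file
            continue
        match = _LINE.match(line)
        if match:
            values.append(match.group(1).lower())
    if not values:
        return "missing"
    if len(set(values)) > 1:
        # Assumption of this example: disagreeing duplicates are reported, not resolved.
        return "conflicting"
    if values[0] == "true":
        return "enabled"
    if values[0] == "false":
        return "disabled"
    return "invalid"


def check_file(path):
    """Read a Protect.properties file (path chosen by the caller) without modifying it."""
    with open(path, encoding="utf-8", errors="replace") as handle:
        return fips_mode(handle.read())


# Constructed sample input, mirroring the entry quoted in the article.
SAMPLE = """\
# FIPS 140 Mode
com.symantec.crypto.fips140mode = true
"""

if __name__ == "__main__":
    # Usage: python check_fips.py <path to Protect.properties>
    state = check_file(sys.argv[1]) if len(sys.argv) > 1 else fips_mode(SAMPLE)
    print(f"{KEY}: {state}")
    sys.exit(0 if state == "enabled" else 1)
```

The script exits non-zero for anything other than "enabled", so it can be used in a post-upgrade verification step.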

 

To change it, you would have to reinstall Enforce and any server, which would mean losing access to any previously generated incidents. Details are in the link below.

FIPS Compliance