In general, Control-M performs security hardening of all components regardless of FIPS compliance (although there are similarities with FIPS requirements, such as encryptions, cyphers, data at rest and transit, etc).

We allow Agents and Desktop Client machines to work with FIPS mode enabled, even while the application itself isn’t set to FIPS mode. Ensure Control-M/Enterprise Manager's System Parameter "PasswordEncode" is set to "5". This allows the client to pass AES256 authentication, which is used by FIPS. 

Currently, there are no future plans to make other Control-M components for FIPS. There are several business reason for this. Instead, we continue to invest in hardening our components, while each new release includes significant additions to improve our security posture.

Third party components that are delivered with Control-M such as Tomcat that were FIPS certified, cannot be enabled for FIPS as no verification was done in the lab.

Control-M implements all FIPS requirements for individual ciphers.  We believe this enables full FIPS compliance with Control-M, as all relevant cryptographic standards are met. BMC recommends that you use strong cryptography for certificates, SSH keys and ciphers with all end-points and with communication to all third-party components where possible.