doc: simplify and clarify FIPS text in BUILDING.md

PR-URL: https://github.com/nodejs/node/pull/17538
Fixes: https://github.com/nodejs/node/issues/17536
Reviewed-By: Luigi Pinca <luigipinca@gmail.com>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Reviewed-By: Jon Moss <me@jonathanmoss.me>

BUILDING.md

@@ -347,17 +347,13 @@ as `deps/icu` (You'll have: `deps/icu/source/...`)
 
 ## Building Node.js with FIPS-compliant OpenSSL
 
-NOTE: Windows is not yet supported
+It is possible to build Node.js with the
+[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html) on POSIX
+systems. Windows is not supported.
 
-It is possible to build Node.js with
+Building in this way does not mean the runtime is FIPS 140-2 validated, but
-[OpenSSL FIPS module](https://www.openssl.org/docs/fipsnotes.html).
+rather that the runtime uses a validated module. In addition, the validation for
-
+the underlying module is only valid if it is deployed in accordance with its
-**Note**: building in this way does **not** allow you to claim that the
-runtime is FIPS 140-2 validated. Instead you can indicate that the runtime
-uses a validated module. See the
-[security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)
-page 60 for more details. In addition, the validation for the underlying module
-is only valid if it is deployed in accordance with its
 [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf).
 If you need FIPS validated cryptography it is recommended that you read both
 the [security policy](http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140sp/140sp1747.pdf)