diff --git a/charts/control-plane-operator/templates/deployment.yaml b/charts/control-plane-operator/templates/deployment.yaml
index aeb883d..b8affb6 100644
--- a/charts/control-plane-operator/templates/deployment.yaml
+++ b/charts/control-plane-operator/templates/deployment.yaml
@@ -80,6 +80,8 @@ spec:
 fieldRef:
 fieldPath: metadata.namespace
 {{- end }}
+ - name: GODEBUG
+ value: "fips140={{ .Values.fips.mode }}"
 {{- with .Values.init.env }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
@@ -177,6 +179,8 @@ spec:
 valueFrom:
 fieldRef:
 fieldPath: spec.serviceAccountName
+ - name: GODEBUG
+ value: "fips140={{ .Values.fips.mode }}"
 {{- with .Values.manager.env }}
 {{- toYaml . | nindent 12 }}
 {{- end }}
diff --git a/charts/control-plane-operator/values.yaml b/charts/control-plane-operator/values.yaml
index a2b3892..9aa4773 100644
--- a/charts/control-plane-operator/values.yaml
+++ b/charts/control-plane-operator/values.yaml
@@ -148,6 +148,9 @@ rbac:
 role:
 rules: []
+fips:
+ mode: "off" # controls GODEBUG=fips140 setting. Set to either off, on, or only (refer to https://go.dev/doc/security/fips140#fips-140-3-mode)
+
 nodeSelector: {}
 tolerations: []
diff --git a/cmd/main.go b/cmd/main.go
index b88c0b0..976d202 100644
--- a/cmd/main.go
+++ b/cmd/main.go
@@ -17,6 +17,7 @@ limitations under the License.
 package main
 import (
+ "crypto/fips140"
 "embed"
 "flag"
 "os"
@@ -129,6 +130,13 @@ func main() {
 ctrl.SetLogger(zap.New(zap.UseFlagOptions(&opts)))
+ // needs to be run after ctrl.SetLogger has been called, so we can log
+ if fips140.Enabled() {
+ setupLog.Info("Running in FIPS 140-3 compliant mode")
+ } else {
+ setupLog.Info("Running in non-FIPS-compliant mode")
+ }
+
 setupContext := context.Background()
 setupClient, err := client.New(ctrl.GetConfigOrDie(), client.Options{Scheme: schemes.Local})
diff --git a/hack/common/build-binary.sh b/hack/common/build-binary.sh
index 94d5729..d2e9d2e 100755
--- a/hack/common/build-binary.sh
+++ b/hack/common/build-binary.sh
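Review bot: The `GODEBUG` entry added just before `{{- with .Values.init.env }}` is emitted unconditionally under a fixed name, so a `GODEBUG` a user already passes through `init.env` (same pattern in the second hunk at `@@ -177` with `manager.env`) produces two env entries with the same name; as far as I know the kubelet keeps the later one, which means the user's value silently replaces `fips140=…` and the pod runs without the FIPS setting the chart appears to enforce. The reverse is also a problem: Go reads one GODEBUG string, so a user cannot combine `fips140` with any other GODEBUG key without overriding this one. Either merge rather than append, or at least let an empty mode opt out so users can manage GODEBUG themselves: wrap both added lines in `{{- if .Values.fips.mode }}` … `{{- end }}` and state in the values comment that `GODEBUG` is reserved by the chart when `fips.mode` is set.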
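Review bot: The inline comment on the new `fips.mode` key tells users to set `on`, `off` or `only` but not that the value must be quoted: Helm parses values with a YAML 1.1 parser in which unquoted `on`/`off` are booleans, so `mode: on` renders `GODEBUG=fips140=true`, which is not a mode Go recognises — the quoted default `"off"` in this hunk only works because it is quoted. Extend the comment with `# Must be quoted ("off", "on", "only"): unquoted on/off are YAML booleans.` and consider enforcing the enum where it is rendered, e.g. `{{- if not (has .Values.fips.mode (list "off" "on" "only")) }}{{ fail "fips.mode must be off, on or only" }}{{- end }}`, or via values.schema.json. If I read the Go docs correctly, a binary built with `GOFIPS140=v1.0.0` (see the build-binary.sh hunk) defaults to `fips140=on`, so the chart default of `"off"` actively disables the FIPS module the build opted into; that is worth stating in the comment so operators do not assume the build flag alone makes the deployment FIPS.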
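Review bot: The two log lines after `ctrl.SetLogger` report "FIPS 140-3 compliant mode" on `fips140.Enabled()`, but Enabled only says the Go FIPS module is active (as I read the docs it is also true for `fips140=only`), and whether the build is validated depends on the module version chosen at build time, which nothing here logs. A structured message states the facts without overclaiming: `setupLog.Info("FIPS 140-3 mode", "enabled", fips140.Enabled(), "godebug", os.Getenv("GODEBUG"))`. Running without FIPS is a security-relevant downgrade for a control-plane operator, so the non-enabled branch deserves a distinct, greppable message (or a hard failure behind a flag) rather than an Info line that differs from the enabled one only by wording. `crypto/fips140` needs a Go 1.24+ toolchain; the go.mod `go` directive is not in this diff, so please confirm it is bumped. main() continues outside the hunk.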
@@ -12,7 +12,7 @@ echo "> Building binaries ..."
 echo "> Building binary for component '$comp' ($pf) ..." | indent 1
 os=${pf%/*}
 arch=${pf#*/}
- CGO_ENABLED=0 GOOS=$os GOARCH=$arch go build -a -o bin/${comp}-${os}.${arch} cmd/main.go | indent 2
+ CGO_ENABLED=0 GOFIPS140=v1.0.0 GOOS=$os GOARCH=$arch go build -a -o bin/${comp}-${os}.${arch} cmd/main.go | indent 2
 done
 done
 )
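Review bot: `GOFIPS140=v1.0.0` is a bare literal inside the `go build` line; the selected module version is exactly what an audit asks for, so hoist it to one overridable variable near the top of the script, `GOFIPS140="${GOFIPS140:-v1.0.0}"`, and reference it here as `GOFIPS140=$GOFIPS140`. The setting requires a Go 1.24+ toolchain; I cannot see go.mod or CI in this diff, and an older toolchain would not honour the variable, so the toolchain version should be pinned alongside this change rather than relying on whoever runs the script. Any other build path (a Dockerfile, local `go build`) that does not go through this script will produce binaries without this module selection, which the `fips140.Enabled()` log in cmd/main.go would then report as non-FIPS — worth checking that every shipped artifact is built here.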