diff --git a/docs/reference/settings/security-settings.asciidoc b/docs/reference/settings/security-settings.asciidoc
index f4875fd096b00..abf1b3e40d55f 100644
--- a/docs/reference/settings/security-settings.asciidoc
+++ b/docs/reference/settings/security-settings.asciidoc
@@ -71,6 +71,11 @@ the sensitive nature of the information.
 (<>)
 Enables fips mode of operation. Set this to `true` if you run this {es} instance in a FIPS 140-2 enabled JVM. For more information, see <>. Defaults to `false`.
+`xpack.security.fips_mode.required_providers`::
+(<>)
+Optionally enforce specific Java JCE/JSSE security providers. For example set this to `["BCFIPS"]` to require the Bouncy Castle FIPS
+security provider. Only applicable when `xpack.security.fips_mode.enabled` is set to `true`.
+
 [discrete]
 [[password-hashing-settings]]
 ==== Password hashing settings
diff --git a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
index 0eb8de4f42144..1d849055c70a5 100644
--- a/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
+++ b/x-pack/plugin/security/src/main/java/org/elasticsearch/xpack/security/Security.java
@@ -1573,7 +1573,7 @@ static void validateForFips(Settings settings) {
 }
 final List requiredProviders = XPackSettings.FIPS_REQUIRED_PROVIDERS.get(settings);
- logger.info("JVM Security Providers " + foundProviders);
+ logger.info("JVM Security Providers: " + foundProviders);
 if (requiredProviders != null && requiredProviders.isEmpty() == false) {
 List unsatisfiedProviders = requiredProviders.stream()
 .map(s -> s.toLowerCase(Locale.ROOT))
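Review bot: The changed `logger.info` line still builds its message by string concatenation, so the format string is not a constant and differs for every provider list. A parameterized call, `logger.info("JVM Security Providers: {}", foundProviders);`, keeps the message template stable for log searches and matches the usual logger idiom. This is a style point only, since the logged content is unchanged. The body of validateForFips starts and ends outside this hunk.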
@@ -1581,7 +1581,7 @@ static void validateForFips(Settings settings) {
 .toList();
 if (unsatisfiedProviders.isEmpty() == false) {
- String errorMessage = "Could not find required FIPS security provider " + unsatisfiedProviders;
+ String errorMessage = "Could not find required FIPS security provider: " + unsatisfiedProviders;
 logger.error(errorMessage);
 validationErrors.add(errorMessage);
 }
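Review bot: The error text prints `unsatisfiedProviders`, which the previous hunk's context shows is built from the configured names after `s.toLowerCase(Locale.ROOT)`. An operator who set `["BCFIPS"]` as in the documentation would presumably see `[bcfips]` in the startup failure, and the wording stays singular even when several providers are missing. Consider reporting the names as configured, or at least wording it `"Could not find required FIPS security provider(s): "`. The filter step between the two hunks is not visible, so how names are matched against `foundProviders` cannot be confirmed from this diff. validateForFips continues outside the hunk.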