SIMP should not require a server reboot for logically equivalent boot command options for FIPS


If a user disables FIPS globally, they are still instructed to reboot their machines. What is especially problematic here is that it causes every single Puppet run to not be idempotent until this is dealt with. There are a lot of reasons why a box may not be rebooted for extended periods of time, which means that Puppet runs during that time won't appear idempotent.

It's not sufficient to change the log level of a resource because it's possible that a corrective change did happen requiring a reboot. Instead, SIMP needs to be aware that it's making an unnecessary change and either avoid doing so or not prompt a reboot_notify to occur. The default in RHEL/CentOS is to not add FIPS to the boot options, so it seems SIMP probably shouldn't add it either if FIPS is disabled.
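The equivalence check described above, as an added Ruby example that is not SIMP's code: it compares the effective FIPS state of a kernel command line instead of its literal text, so a missing `fips` argument and `fips=0` are treated as the same thing. All helper names and the sample command lines are hypothetical and constructed; it assumes the last `fips=` argument wins and that any non-zero value enables FIPS.

```ruby
# Added example: helper names are hypothetical, not part of SIMP.

# Constructed sample: a stock command line with no fips argument at all.
DEFAULT_CMDLINE = 'BOOT_IMAGE=/vmlinuz-example root=/dev/mapper/vg-root ro quiet'

# Effective FIPS state requested by a kernel command line.
# Assumptions: an absent fips= argument means disabled, the last fips=
# occurrence wins, and any non-zero integer value enables FIPS.
def effective_fips(cmdline)
  arg = cmdline.split.reverse.find { |a| a.start_with?('fips=') }
  return false if arg.nil?

  value = Integer(arg.split('=', 2)[1].to_s, exception: false) || 0
  value != 0
end

# Literal comparison: reports a change whenever the exact fips=N token is
# missing, which is the non-idempotent behaviour described in this ticket.
def naive_change?(configured, want_fips)
  !configured.split.include?("fips=#{want_fips ? 1 : 0}")
end

# Equivalence-aware decision.
#   running:    command line of the booted kernel (e.g. /proc/cmdline)
#   configured: command line the bootloader will use on the next boot
#   want_fips:  desired state from policy
def fips_plan(running:, configured:, want_fips:)
  {
    # Only touch the bootloader when the next boot would differ in effect.
    rewrite_bootloader: effective_fips(configured) != want_fips,
    # Only ask for a reboot when the running kernel differs in effect.
    reboot_required: effective_fips(running) != want_fips
  }
end

if $PROGRAM_NAME == __FILE__
  puts "naive change needed: #{naive_change?(DEFAULT_CMDLINE, false)}"
  puts fips_plan(running: DEFAULT_CMDLINE, configured: DEFAULT_CMDLINE,
                 want_fips: false)
end
```

A corrective change, such as a host still running with `fips=1` after policy disables it, still yields `reboot_required: true`, so the reboot notification is kept for the case where it matters.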
