https://www.cisco.com/c/en/us/td/docs/wireless/controller/8-5/config-guide/b_cg85/flexconnect.html#flexconnect-operation-modes
there are many variations you can have in flexconnect mode, read the flexconnect authentication section here.
FlexConnect AP is responsible for client authentication
not necessarily true, you can have flexconnect for local data switching but your authentication can still be central.
I looked through several documents at Cisco and NIST but I did not find anything on fips in flexconnect mode. Hopefully someone else have some experience deploying it and can share.
-hope this helps-