I think that is the next step....
"The NIST compliance evaluation determines the cybersecurity readiness of a process
or product for formal NIST certification, per FIPS 140-2. CyberRx’s rating assesses the identification,
protection, detection, response and recovery capacity to cybersecurity events. An independent third party,
Watkins Consulting, conducted iWebGate’s cybersecurity “fitness” review in mid-June 2015"
From my understanding looking at this website
https://www.certicom.com/index.php/fips-validation-what-is-it
You need the 3rd Party Certification before going to get the FIPS 140-2.