If you have an environment where all Windows servers are hardened to meet government standard then you might have little luck in installing SharePoint without getting waiver. As per requirements FIPS 140-2 cryptographic mode security control must be enabled on at OS level. SharePoint Server doesn’t support ” System cryptography: User FIPS compliant algorithms for encryption, hashing, and signing” group policy in Windows. SharePoint uses the MD5 hashing algorithm for certain non-cryptographic purposes (i.e. MS is not using it for security, encryption, etc.). That policy interferes with SharePoint usage of MD5, which prevents SharePoint from working correctly.

FIPS, the security requirements for cryptography states:

This Federal Information Processing Standard (140-2) specifies the security requirements that will be satisfied by a cryptographic module, providing four increasing, qualitative levels intended to cover a wide range of potential applications and environments. The areas covered, related to the secure design and implementation of a cryptographic module, include specification; ports and interfaces; roles, services, and authentication; finite state model; physical security; operational environment; cryptographic key management; electromagnetic interference/electromagnetic compatibility (EMI/EMC); self-tests; design assurance; and mitigation of other attacks. [Supersedes FIPS 140-1 (January 11, 1994): http://www.nist.gov/manuscript-publication-search.cfm?pub_id=917970]

Get a waiver.
Exclude the SharePoint server  from GPO that applies FIPS 140-2 (cryptography module).Follow the my post  https://www.bomzan.com/2018/01/11/guide-to-exclude-single-user-or-computer-to-exclude-from-the-group-policy/

Service Accounts and local user rights:

Name	Description	Local User Rights	Domain Rights	SQL Permission
SPAdmin	Used for installation and perform Product Configuration	-Local Administrator on SP Server , Adjust Memory Quotas for a process, Impersonate a client after authentication,Log on as a batch job, Log on as a service, Restore files and directories, Take Ownership of files or other objects	Doman User	Public, dbcreator and securityadmin SQL roles
SPFarm	It is used for the following tasks: Configure and manage the server farm, to run Microsoft SP Foundation Workflow Timer Service , Central Admin, User Profile Service	-Local Admin on SP serer during UPS provisioning, local administrator (remove after complete configuration), Back up files and directories,Bypass traverse checking, Impersonate a client after authentication, Log on as a batch job, Log on as a service, Replace a process level, Generate Security Audits	Domain User	Public, dbcreator and securityadmin SQL roles
SPWebApps	Used to run web application pools	Adjust memory quotas for a process, Impersonate a client after authentication, Log on as a batch job, Log on as a service	Domain User	none
SPServiceApps	Used to run service application pol	Adjust memory quotas for a process, Impersonate a client after authentication, Log on as a batch job, Log on as a service	Domain User	none
SPContent	Used as the default acounht by Search Service application to crawl content	Impersonate a client after authentication, Log on as a batch job, Log on as a service	Domain User	None
SPProfile	Used for User Profile Syncrhonization Acount	none	Domain User and Replicated Direcory Changes permission on the domain	None

Name	Description	Local User Rights	Domain Rights	SQL Permission
SQLInstall	Account to install SQL	Local Adminsitrator on the SQL server	Doman User	Permission will be assigned when SQL server is being installed on the SQL Server
SQLUser	This account is for running the following SQL server services: MSSQLSERVER, SQLSERVERAGENT	Bypass Traverse Checking, Log on as a service	Domain User	Permission will be assigned when SQL server is being installed on the SQL Server

Note: I referred to various blogs and particularly credit goes to https://absolute-sharepoint.com/2013/01/sharepoint-2013-service-accounts-best-practices-explained.html