hangonhn 10 hours ago

Totally agree with you on this but I think in some settings FIPS-compliance is a requirement -- especially anything to do with the Federal government. The obvious fix is for FIPS to catch up but until then the three choices the document listed aren't great. The first two don't meet the requirements and the last choice, as you've pointed out, can be a bit of a foot gun. I wonder if AES-CBC-HMAC (i.e. Fernet) should be listed as a choice for FIPS? Like keep the original 3 and then have a sub-heading: FIPS-compliant: AES-CBC-HMAC or AES-CTR-HMAC like it did originally.

allersj 10 hours ago

That list is geared towards developers who don't have a strong background in cryptography and helping them choose a secure algorithm that is easy to implement. Because if you get it wrong, more vulnerabilities will be introduced.

Working around janky compliance standards is a whole separate topic.