Microsoft Admits Lacking Full FISMA Certification For Federal Cloud


Microsoft has confirmed that it does not have Federal Information Security Management Act (FISMA) certification for its federal cloud offerings, the same certification for which it's publicly dragged Google through the mud for supposedly lacking.

"BPOS-Federal, released/announced in 2010, is currently going through FISMA certification with the United States Department of Agriculture (USDA). Microsoft has a temporary FISMA ATO (Authority to operate) from USDA, and final FISMA certification is coming soon," a Microsoft spokesperson said in a statement e-mailed Friday to CRN.

Microsoft would not comment further.

Microsoft's lack of "final FISMA certification" came to light just days after the software giant called Google out in a scathing blog post in which Microsoft claimed that Google's Google Apps for Government cloud computing offerings aren't FISMA certified.

In the blog post, written by Microsoft Corporate Vice President and Deputy General Counsel David Howard, Microsoft said Google is being untruthful and said it is misleading customers by claiming that Google Apps for Government has received FISMA certification, which shows solutions have been deemed secure for federal cloud deployments.

Google, meanwhile, responded to Microsoft's accusations in a blog post of its own that said that Google Apps is covered under FISMA certification and, in turn, Google said Google Apps for Government is also FISMA authorized.

"Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system," Google Enterprise Director of Security Eran Feigenbaum wrote in the blog entry. "It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application."

The FISMA kerfuffle between Microsoft and Google came to light as part of a recent legal spat in which Google is suing the DOI, claiming it did not open the bidding processes for its cloud e-mail to competition and wording its proposal to heavily favor Microsoft. A judge has levied an injunction stopping Microsoft's DOI cloud deployment until the matter is sorted out.

The FISMA back and forth is the next chapter Microsoft's and Google's continuing cloud computing competition as the two powerhouses battle to control the cloud and fight for cloud contracts, including federal customers.