Microsoft BPOS-Federal Cloud Gains FISMA Certification

Information Security

BPOS-Federal, which includes Exchange Online, SharePoint online and Office Communications online, was FISMA-certified by the U.S. Department of Agriculture (USDA). FISMA certification, created in 2002, is a process through which federal agencies certify and accredit the security of information management systems. It indicates a federal agency has approved a solution for its use in line with the level of security established and required by that agency.

"The certification and accreditation has resulted in an official 'Authorization to Operate' (ATO) issued on April 19 by the U.S. Department of Agriculture (USDA) for Microsoft's Business Productivity Online Services-Federal, which includes Exchange Online, SharePoint Online, and Office Communications Online," Microsoft Senior Director of Product Management Eron Kelly wrote in a blog post highlighting BPOS-Federal's FISMA certification. "It follows a similar authorization issued by the USDA in November for the Microsoft data centers that will deliver these services to the USDA. We plan to pursue FISMA certification and accreditation for Office 365, our next generation cloud productivity suite, after it launches."

Microsoft's lack of FISMA certification for BPOS-Federal drew fire last week after Microsoft publically called out Google for supposedly lacking the federal certification for its Google Apps for Government cloud suite and ridiculed Google for claiming online and in marketing materials that Google Apps for Government is indeed FISMA certified.

Microsoft's accusation started a FISMA flap in which Google defended its FISMA certification claims and said that Google Apps is certified, therefore Google Apps for Government, which adds stronger security controls, is also certified under FISMA.

Sponsored post

The kerfuffle revealed that Microsoft itself had not obtained final FISMA certification for its BPOS-Federal cloud offerings, but had been operating with temporary authorization.

Now that Microsoft has received the official stamp of FISMA approval, the company said it can move ahead with federal cloud projects it has had in the hopper, including Microsoft's cloud deployment for the USDA.

"As a result of this action, the USDA is migrating 120,000 employees to Microsoft’s BPOS-Federal service," Kelly wrote. "This means that the USDA can use BPOS-Federal to handle a variety of tasks. For example, the USDA's Food Security programs can use BPOS-Federal to respond to food safety emergencies, the U.S. Forest Service can use BPOS-Federal to coordinate its efforts to fight forest fires, and the Foreign Agriculture Service can use BPOS-Federal to manage the distribution of food aid to millions of people around the world."

FISMA certification now gives Microsoft the ability to sell BPOS-Federal into all federal agencies evaluating a move to the cloud, the company said.

"We take our responsibility to protect customer data very seriously, and our cloud services already meet some of the industry's most rigorous global security and privacy standards," Kelly wrote. "FISMA for BPOS-Federal is just the latest example."

Microsoft's FISMA certification and the FISMA fight with Google came to light as the duo duke it out in court over a federal cloud contract. Google is suing the Department of the Interior, which chose Microsoft's cloud offerings, claiming the agency didn't open up the bidding process to competition and worded its proposal in a way that swayed the deal in Microsoft's favor. A judge has issued an injunction that halted Microsoft's DOI cloud deployment until the matter is sorted out.

The litigation and frequent dust-ups are part of Microsoft's and Google's ongoing cloud computing kerfuffle as the two tech titans battle for cloud computing customers.