News

Microsoft Disputes Google's Government Certification Claims

A Microsoft lawyer on Monday suggested that Google's claims of having achieved U.S. government security certification for its Apps for Government products are false.

Google claims that its Apps for Government services, released in July 2010, are certified under the Federal Information Security Management Act (FISMA), according to a product description. David Howard, Microsoft corporate vice president and deputy general counsel, says otherwise. He cites a Department of Justice (DoJ) brief in a Google lawsuit against the department, in which a footnote states, "[I]t appears that Google's Google Apps for Government does not have FISMA certification."

FISMA is a 2002 law that requires agencies to certify information security processes for their IT systems, including those managed by other agencies or contractors.

The DoJ brief cites an e-mail from December in which a security officer within the General Services Administration (GSA), which issues FISMA certifications, says that Apps for Government does not have FISMA accreditation, according to the Los Angeles Times. Google did receive FISMA certification for Google Apps Premier, the brief states, but Apps for Government is a "more restrictive" version that Google is preparing to submit for FISMA certification.

Coincidentally, the GSA in December became the first federal agency to move its agencywide e-mail to the cloud, choosing Google Apps for Government.

In a blog post on Monday, Howard called attention to the DoJ's brief, which had been unsealed last week.

"Google can't be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government," Howard wrote. "If that were the case, then why did Google, according to the attachments in the DoJ brief, decide to file a separate FISMA application for Google Apps for Government?"

In a statement, David Mihalchik, business development executive for Google Federal, responded by saying Apps for Government "is the same system with enhanced security controls that go beyond FISMA requirements," and added Google "did not mislead the court or our customers."

The dispute grows out of a suit Google filed against the Department of Interior (DoI) in October. Google had accused the DoI of favoring Microsoft's Business Productivity Online Suite (BPOS) over Google's offerings when it was considering bids for departmentwide e-mail. BPOS, a collection of cloud-based services, is still under consideration to get FISMA certification for some applications, although Microsoft's cloud infrastructure has received FISMA approval. A judge granted Google a preliminary injunction in January.

About the Author

Kevin McCaney is the managing editor of Government Computer News.

Featured

  • RAMBleed Side-Channel Attack Method Disclosed by Researchers

    Academic researchers this week published information about another side-channel attack method, called "RAMBleed," that can expose information from memory chips, including encryption key information.

  • Penguin

    Windows 10 Preview Build 18917 Shows Off New Linux Integration

    Microsoft's latest Windows 10 "fast-ring" preview release is showcasing a coming Delivery Optimization enhancement, along with the ability to try the newly emerged Windows Subsystem for Linux version 2.

  • Customizing Microsoft Office 365

    While the overall look and feel of Office 365 is pretty standard across organizations, there are several ways to personalize it and make it fit better with your company's specific needs.

  • Microsoft 365 Business Tenants Getting Conditional Access and Trouble-Ticket Features

    Microsoft added its conditional access security service to Microsoft 365 Business subscriptions, according to a Wednesday announcement, and it also added new trouble-ticket features for Microsoft 365 administrators.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.