Google dismisses Microsoft FISMA allegations

CLOUD SOFTWARE HOUSE and hosting outfit Google has dismissed accusations by Microsoft that it intentionally misled the US government over compliance with Federal Information Security Management Act (FISMA) certification.

Microsoft had claimed that Google Apps for Government is not FISMA certified, since a separate application would be needed in addition to certification of Google Apps. But Google said "these allegations are false", that it "takes the government's security requirements seriously" and that it has "delivered on our promise to meet them".

Google said it received FISMA authorisation for the standard version of Google Apps from the General Services Administration (GSA) in July 2010 and that it does not need a separate application for the government version of its software, since it is the same as Google Apps Premium Edition with two additional security enhancements relating to data location and segregation of government data.

Google said that the GSA indicated that Google Apps for Government could be incorporated into the company's existing FISMA certification and that a separate application was not required. Google also pointed out that a description of the government version was submitted to the GSA earlier this year, suggesting that it is well aware of the software.

Google backed up its claim by sharing a quote from the GSA, which said, "we're actually going through a re-certification ... with the 'Apps for Government' product."

The company said its documentation detailing its FISMA authorisation is readily available for government agencies to review and claims that it has been very transparent about the entire affair. It added that it regularly informs GSA of changes to its system and updates it documentation to highlight these changes. µ