Today, the U.S. government agreed with Microsoft’s accusation that Google had provided misleading information about whether or not its Google Apps for Government is certified under the Federal Information Security Management Act (FISMA).
According to Business Insider, a government agent agreed with Microsoft in front of the U.S. Senate, testifying that the product in question was currently going through the recertification process.
David McClure, an associate administrator with the U.S. General Services Administration, testified before a hearing led by U.S. Senator Tom Carper, in which Carper asked if McCure would “comment on these recent reports and discuss how OMB and GSA are addressing the concerns that are raised by them.” His answer, as quoted in Business Insider (with their emphasis):
MCCLURE (GSA): Sure, I’d be glad to bring some clarity to it. In July 2010, GSA did a FISMA security accreditation for “Google Apps Premier.” That’s what the Google product was called, and it passed our FISMA accreditation process. We actually did that so other agencies could use the Google product. If we do one accreditation, it’s leveraged across many agencies. Since that time, Google has introduced what they’re calling “Google Apps for Government.” It’s a subset of Google Apps Premier, and as soon as we found out about that, as with all the other agencies, we have what you would normally do when a product changes, you have to re-certify it. So that’s what we’re doing right now, we’re actually going through a re-certification based on those changes that Google has announced with the “Apps for Government” product offering.
Google does have FISMA certification for Google Apps Premiere, but not for the Apps for Government, although that claim does appear on its website.
When we wrote about this topic earlier this week, Google’s David Mihalchik told us that “we did not mislead the court or our customers. Google Apps received a FISMA security authorization from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.”
We’ve asked Google for an updated comment and will update this story upon receiving one.