Microsoft has accused Google of fudging its security credentials for its Apps for Government product, which Google claimed to be accredited under the US Federal Information Security Management Act (FISMA).
The Google Apps “Premier” platform was accredited, but its Apps for Government platform was not, the US Department of Justice found while investigating a legal dispute between Google and prospective client, the Department of the Interior (DOI).
“To be clear, in the view of the [General Services Administration] GSA, the agency that certified Google’s Google Apps Premier, Google does not have FISMA certification for Google Apps for Government,” the Justice Department said in a footnote to its court brief [PDF].
Google sued the DOI in October for allegedly not conducting a fair and open tender for a US$60 million email tender.
Google had argued that its FISMA accredited platform could meet all the department's security requirements.
Incidentally, Google gained its accreditation from the GSA last July, shortly before the administration awarded it an email systems contract.
David Howard, Microsoft's corporate vice president and deputy general counsel expressed disbelief that Google could be under the impression that accreditation for one platform covered another.
“If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?”
Howard picked up on a claim on Google’s Apps for Business page which states “Google Apps for Government, now with FISMA certification.”
“Google easily could have explained that it had received certification for Google Apps Premier and was in the process of seeking certification for Google Apps for Government. Instead, Google has continued to state that Google Apps for Government has FISMA certification itself,” said Howard.
“Google Apps received a FISMA security authorisation from the General Services Administration in July 2010. Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we’re working with GSA to continuously update our documentation with these and other additional enhancements.”