Google Denies Microsoft Claim It Lied About FISMA Credit

Microsoft accused Google of lying about its Google Apps FISMA certification. Google says it was simply updating its authorization with the General Services Administration.

Microsoft has uncovered details in a court filing that it claims proves Google has been lying to the Justice Department about achieving a government certification for its Google Apps collaboration software.

Google denied the allegation and claimed that Microsoft is trying to create a smokescreen for the fact that it doesn't have the Federal Information Security Management Act (FISMA) certification for its own rival Business Productivity Online Suite-Federal software.

FISMA accreditation means a product has passed a government agency's security requirements. Google achieved this credit for Google Apps last July, putting it in a favorable light for securing contracts with any of the dozens of government agencies.

The road to this latest skirmish is long and winding, steeped in semantics and imbued with what-have-yous and ins and outs. Last year, the Department of the Interior picked Microsoft BPOS, which would have let the software maker provide Web-based email for 88,000 government workers.

Google sued the DOI over the $59 million deal in October, claiming that it failed to look at Google Apps or any other suites in the market in the spirit of open competition.

Moreover, it pointed out that Microsoft's software was not FISMA certified, meaning it was unfit for use by the agency.

Google filed a motion for a preliminary injunction and secured the injunction. In at least three sections it claims that its Google Apps for Government product, which is tailored for government specs, is certified under FISMA.

But David Howard, Microsoft corporate vice president and deputy general counsel, discovered after some of the court papers were unsealed that the DOJ said that despite Google's claims, Google Apps for Government does not have FISMA certification.

Turns out Google's FISMA certification is for Google Apps Business edition (formerly known as Google Apps Premier edition), for which it charges $50 per user, per year. Google confirmed this for eWEEK, but said it did not mislead the court.

"Google Apps received a FISMA security authorization from the General Services Administration in July 2010," said David Mihalchik, a business development executive for Google's Enterprise group.

Here's where it gets tricky. Every government agency has different sets of requirements to fit its FISMA certification, so what works for the GSA may not work for the DOI, or even the DOJ. Google could achieve FISMA for Google Apps from one agency, but be told it needs to be more secure for another.