The rhetoric between Google and the Department of Justice is heating up after the DOJ accused the search engine giant publicaly lying about Google Apps receivingÂ FISMA (orÂ Federal Information Security Management Act)Â certification.
Not surprisingly, Microsoft has joined the fray by declaring that their nemesis is evil, and portraying their foe as untrustworthy by linking to documents (from the DOJ) proving that Google did not in fact receive FISMA certification.
Google has not yet responded to the accusations via press release or their corporate blogs, but they are maintaining the fact that they did receive FISMA certification and its the DOJ who’s in error.
So who is right? Not surprisingly the truth lies somewhere in the middle.
According to the GSA, Google’s Google Apps Premier received FISMA certification on July 21, 2010. However, Google intends to offer Google Apps for Government as a more restrictive version of its product and, Google is currently in the process of finishing its application for FISMA certification for itsGoogle Apps for Government. See Attachment 3. To be clear, in the view of GSA, the agencythat certified Googleâ€Ÿs Google Apps Premier, Google does not have FISMA certification forÂ its Google Apps for Government. (DOJ Brief, pg. 13, note: PDF document)
Apparently Google did receive FISMA certification for a Google Apps Premier, then decided to create a more secure version which is not FISMA certified.
Although I do sympathize with Google here (who has become the Feds favorite whipping boy as of late), the DOJ and Microsoft is (for now) correct that Google is misleading the public by claiming something it doesn’t have.
Google needs to either pull all references regarding FISMA or offer more evidence, as the last thing the company wants is to be seen as “evil” in the public eye.