Groklaw: Microsoft Cloud Services Aren't FISMA Certified

doperative writes with this excerpt from Groklaw: "If you were as puzzled as I was by the blog fight, as Geekwire calls it, between Google and Microsoft over whether or not Google was FISMA certified, then you will be glad to know I gathered up some of the documents from the case, Google et al v. USA, and they cause the mists to clear. I'll show you what I found, but here's the funny part — it turns out it's Microsoft whose cloud services for government aren't FISMA certified. And yet, the Department of the Interior chose Microsoft for its email and messaging cloud solution, instead of Google's offering even though Google today explains that in [actuality] its offering actually is. It calls Microsoft's FUD 'irresponsible.'"

filter

Is there anyway to filter google/microsoft wars on /. ?

Re:filter

[blair1q]

Yes. It's really simple. When those words enter your brain through your eyes, set your brain not to send a signal to your hand to click "Reply".

HTH.

Re:filter

[hoytak]

Ok, done. Now what?

Re:filter

[alphatel]

I read this article to see if there would be interesting, surprising, or exciting information inside. Apparently not.

Re:filter

[blair1q]

Debug it.

Cuz...dayum.

Re:filter

Profit!

Re:filter

[Thing+1]

Uh, #failing?

Re:filter

Is there any way to filter the sound of a whoosh when reading /.?

ask me if I care?

Google and Microsoft are in the same category nowadays....

Re:ask me if I care?

[clang_jangle]

Google and Microsoft are in the same category nowadays....

Not quite. Google is actually pretty competent in a lot of their service offerings, and they don't try to hold all your data hostage to proprietary technologies. That alone is quite a sharp contrast.

It was tactful of Google to call microsoft's FUD "irresponsible" without condemning the government workers who chose to go with microsoft in violation of their own policies. It's probably likely that points to another very large difference between Google and microsoft -- Google isn't into bribing IT decision makers, they rely on the strength of their offerings.

Re:ask me if I care?

Exactly. Microsoft's online services are even worse when it comes to interoperability than their desktop software is, if you can believe it. Google's is exactly what you'd expect from a company which uses Linux, Windows, and OS X internally.

Re:ask me if I care?

[RobbieThe1st]

Hey, if the government chose my competetors in clear violation of the rules, I sure as heck would sue too. It's one thing if the government had a fair choice between them, and chose microsoft. But as we are seeing here, this isn't happening. They arbitrarially decided on microsoft in violation of the policies, all while allowing Google to think it had a chance early on.

Re:ask me if I care?

[zooblethorpe]

Google isn't into bribing IT decision makers, they rely on the strength of their offerings.

These days, that practically *is* bribery right there -- oo, your software actually *does what it says on the tin*?? You mean I no longer have to guess which parts of your documentation are outright lies? Want!

'Course, the fact that I'm armpits-deep in trying to figure out MSO 2003 to 2007 formatting cruft issues might color my judgment somewhat. CSS makes a *lot* more sense than Microsoft's never-quite-baked styling. And don't get me started on the abomination that is Office "Open" XML, which I've recently had to become very familiar with in a file format conversion project here at work... >:-(

And then there's SDL's "wonderful" localization software, but that's niche enough I doubt anyone here would have much interest.

Cheers,

Re:ask me if I care?

If the 'government IT decision makers' are violating their own laws then it's up to the corporations to sue the government. In this case, the corporations are working on behalf of the people by enforcing their chosen laws.

Re:ask me if I care?

[clang_jangle]

This is rich, as a description of the company suing the IT decision makers because they chose their competitor.

Only a microsoftie or fanboi could feel that way. Anyone rational would, as others have pointed out, be pleased that Google is suing. I don't want my tax dollars squandered on inferior technology and lost productivity due to incompetent implementations. You wouldn't either, if you had any sense.

Re:ask me if I care?

[clang_jangle]

Google isn't into bribing IT decision makers, they rely on the strength of their offerings.

These days, that practically *is* bribery right there

:) Microsoft has attempted to solicit favors from the feds by essentially claiming that Google has an unfair advantage because their technology is better, so ms can't compete. They clearly have no shame at all. Can anyone honestly say with a straight face that Balmer doesn't come off as a total dog-and-pony show operator? Not even an entertaining D & P operator -- at least Bill Gates and Steve Jobs were entertaining and have had some interesting things to say. Balmer? Dores anyone remember anythiing Balmer says, besides "developers, developers...?" Please... And now we know that bing's search results == last week's google search results, could microsoft's online services be more of a laughingstock? I think these deals where any business makes a small fortune at the taxpayers' expense need to be 100% open and transparent. No back room hookers and blow, just plain, honest business accountable to the taxpayers.

Re:ask me if I care?

No back room hookers and blow, just plain, honest business accountable to the taxpayers.

MS would be cut right out of many of their lucrative contracts, both government and business if they had to compete on merit alone. Anyone who's ever handled IT purchasing and isn't indoctrinated to think MS is the "default choice" knows this. MS will do what it takes to seal the deal with large IT decision makers. It's pathetic.

Re:ask me if I care?

[Nyder]

... Google isn't into bribing IT decision makers, they rely on the strength of their offerings.

That's not how free market works!!! You bride your way to the top.

Dang you Google!!!! Actually offering products that work and people might want!

Get with the program!

Re:ask me if I care?

[bonch]

I realize this is vehemently pro-Google territory, but it should be noted that Google won't even implement the "Do Not Track" feature in Chrome, and they were caught scanning and archiving personal WiFi data, which they didn't admit to until the German government threatened an audit. They have a history of disregard for user privacy. Let's not pretend they're some benevolent entity looking out for the user.

Google isn't into bribing IT decision makers, they rely on the strength of their offerings.

What? Google are the ones suing an IT department for choosing their competitors!

Re:ask me if I care?

You mean the competitors who are getting the tax payers to fund their FISA certification and claiming that Google isn't compliant?

Form stupidity like that, sounds where did you get that 5 digit ID, ebay?

Re:ask me if I care?

I realize this is vehemently pro-Google territory...

Preferring google over microsoft isn't so much "pro-Google", it's more a matter of choosing the lesser evil. I think most of us in this discussion understand that.

Let's not pretend they're some benevolent entity looking out for the user.

No-one in this discussion is doing that AFAICT.

Re:ask me if I care?

[nosferatu1001]

Theyre suing them because they werent even considered, which was in violation of the rules the tender was supposed to be conducted under.

Re:ask me if I care?

[nosferatu1001]

Sigh. No, they are suing them for not even considering Google, which contravened the rules of the tender.

Re:ask me if I care?

[Coren22]

and they were caught scanning and archiving personal WiFi data, which they didn't admit to until the German government threatened an audit.

Bullshit. Google came forward and said that they made a mistake, that is what started the whole thing. Germany then tried to demand the data, which would have been illegal for them to obtain. Google is the one who came forward saying "oops, looks like we collected this data, we would like to destroy it as it was not meant to be collected" the German government wouldn't let them destroy the data, it was too valuable to them.

http://www.reuters.com/article/2010/06/22/urnidgns002570f3005978d80025774a00595fb-idUS226627768520100622

Google flat out indicated "oops, we didn't mean to collect payload data, it was a misconfiguration" and destroyed it upon the request of at least Ireland.

Re:ask me if I care?

Ouch. Let us know if you set up a PayPay account to solicit donations for the therapy you probably need right about now...

Re:ask me if I care?

I realize this is vehemently pro-Google territory

No, you don't. As usual, you are pretending that Slashdot is a single person, and that that "person" is always in favor of everything Google does (both of which are lies).

You do this because you are desperate for approval, and hope to gain it by presenting yourself as an iconoclast. However, you are not even able to convince yourself that this image fits you, let alone anyone else.

Voice from the Other Side?

[oldhack]

Maybe Groklaw should stick around?

Re:Voice from the Other Side?

[Compaqt]

This is really strange that they're coming up with good stuff like this right before going away.

Re:Voice from the Other Side?

[WrongSizeGlass]

This is really strange that they're coming up with good stuff like this right before going away.

<George Castanza>Leaving on a high note!</George Castanza>

Re:Voice from the Other Side?

[517714]

Not if this is the trend. Where are the links to the original sources - DOI RFQ, Google's complaint, the DOJ brief, and the amicus briefs? This was the worst bit of reporting I have seen from Groklaw, and I believe Google's suit is valid.

If you read the RFQ you can see that the DOI did not issue a competitive request as they should have, but that FISMA certification was to be achieved after the contract was issued so it is a non-issue.

Google's complaint is whiny and overlong and full of irrrelevant facts that only weaken their position.

The DOJ brief said the Government is presumed to act fairly so Google's suit should be dismissed. The DOJ has our best and brightest?

But instead of dealing with the real issues it is about distractions. What is this, Reality TV?

Re:Voice from the Other Side?

[Feltope]

But instead of dealing with the real issues it is about distractions. What is this, Reality TV?

Well since your talking about our government I am forced to ask one question. Is that a rhetorical question?

Re:Voice from the Other Side?

[Nyder]

...This was the worst bit of reporting I have seen from Groklaw,...

Well to be fair, Groklaw already put in it's notice and is probably slacking the last bit till it's out of here.

Re:Voice from the Other Side?

Life imitates art

Re:Voice from the Other Side?

[davester666]

Just like Manny Ramirez!

Re:Voice from the Other Side?

You anti-gov asshats are annoying. The "Reality TV" comment was a reference to Microsoft and Google- your (not "you're", you fucking illiterate dipshit) beloved corporations.

Getting worse by the minute

[Derekloffin]

When I first heard of this story, I thought it was just some government agency not dotting it's 'i's in the paper work. Now it's really starting to look like some serious BS was going on.

Re:Getting worse by the minute

[TubeSteak]

Now it's really starting to look like some serious BS was going on.

A lot of government procurement involves someone writing a list of requirements that can only be met by one company.
Sometimes it happens at the agency level, sometimes the requirements are attached to congressional appropriations.
Either way, it happens. A lot.

Re:Getting worse by the minute

Starting?

Re:Getting worse by the minute

[Anthony+Mouse]

Either way, it happens. A lot.

Is that somehow mutually exclusive with it being "serious BS"?

Re:Getting worse by the minute

[Fjandr]

No, I think the issue was with the "starting to look" part. The start was long ago. We're well into this being run-of-the-mill behavior in government contracting.

Re:Getting worse by the minute

[hawkinspeter]

In this case, it looks like the requirements were only met by one company, but they chose the other one anyway.

Re:Getting worse by the minute

not only in government, at all large engineering firms. I spent some time working for AMEC during an internship and while drawing filling out a requirements spec was specifically told to look for differences that a particular vendors product had that competitors didn't. Guess who won the multi-million dollar contract...

Big F*cking Surprise

[npsimons]

This is precisely why I tried modding the original FUD article down in the firehose. Anyone with half a clue and more than a few years experience in computing could have told you that Microsoft was most likely lying.

Re:Big F*cking Surprise

[h4rr4r]

You forgot their "Get the Facts" Campaign already?

Re:Big F*cking Surprise

[Locke2005]

How can you tell when a Microsoft spokesman is lying?


His lips are moving!

Perhaps, like Jon Kyl's remarks, this was "Not intended to be a factual statement!"

Re:Big F*cking Surprise

[WindBourne]

nah. more like his heart his beating. MS spokesmen are all too happy to lie on-line as well.

Re:Big F*cking Surprise

[cbhacking]

Actually, I don't recall a single place where MS said their offering was FISMA certified. They weren't saying "Our offering is and Google's isn't, so choose us!" they were saying "Google is saying their oiffering is certified but it's not; they're lying to you." So far as I've seen, this is true. Microsoft never tried to hide that their offering wasn't certified yet, they're just a vendor calling out their competitor for lying to the client (the government).

Re:Big F*cking Surprise

The reason MS falsely claimed that Google wasn't certified was to deflect attention away from their own lack. MS not having certification is just the motive for the lie.

Re:Big F*cking Surprise

Great! So can we kill the marketing departments now? Please?

Re:Big F*cking Surprise

The GSA themselves have declared that Google's product is indeed FISMA certified ( http://gcn.com/articles/2011/04/14/google-fires-back-on-fisma-certification.aspx and http://www.businessinsider.com/dear-microsoft-you-owe-google-an-apology-2011-4) so Google's original argument that the Department of the Interior did not give Google fair consideration when selecting their vendor as Microsoft did not have FISMA certification is still valid. From what I understand, all this does is put more egg on Microsoft's face (along with the officials involved in vendor selection at the Department of the Interior).

Re:Big F*cking Surprise

[greenbird]

So far as I've seen, this is true. Microsoft never tried to hide that their offering wasn't certified yet

Steve, is that you? Naaa, can't be. It's been a while since you've been reported as throwing chairs so even if you're on your meds no way the response would be that calm.

It's as far as you've seen because you've got Microsoft logos painted on your glasses. Read the article. The GSA stated that Google's offering was FISMA certified since July 2010. Since they're the ones who do the certifications I'd say that makes a pretty strong case as to who's lying here (it's Microsoft, in case you're still too dense to see it).

Microsoft never tried to hide that their offering wasn't certified yet

Even if they didn't their claim that Google's wasn't was a blatant lie. And a clear indication that they don't even understand how FISMA certification works which is telling in and of itself.

Re:Big F*cking Surprise

Who says they have hearts?

Re:Big F*cking Surprise

It's either a lie *or* they don't understand how it works, dumbass.

Re:Big F*cking Surprise

[Inzite]

Great! So can we kill the marketing departments now? Please?

I have it on good authority that these mindless jerks will be the first ones up against the wall when the Revolution comes.

Re:Big F*cking Surprise

Or, how about, it is a lie, and Microsoft doesn't understand how the system works for them to get the same certification. The two are not mutually exclusive. Dumbass.

Re:Big F*cking Surprise

Heh, same thing can be said about Google, make no mistake.

Re:Big F*cking Surprise

[Anthony+Mouse]

Microsoft never tried to hide that their offering wasn't certified yet, they're just a vendor calling out their competitor for lying to the client (the government).

Except that it is and was certified, according to the GSA (which issues the certifications).

Re:Big F*cking Surprise

[gaelfx]

I had assumed the reason that they mentioned Microsoft's cloud services not being FISMA certified was that the government is still using Microsoft's services...or did I misunderstand something?

Re:Big F*cking Surprise

[cavreader]

Not really, Goggle just got caught out by claiming something that was not entirely true and MS took advantage just like I have no doubt Google or any other competitor would have done the same if given the same opportunity.

Re:Big F*cking Surprise

What Google said was completely true. Microsoft had a mole inside the government who claimed Google was lying but it was the mole and Microsoft who were lying, not Google. The GSA, who is responsible for FISMA certification said Google's offering was certified. FTFA:

We [Google] take the federal government's security requirements seriously and have delivered on our promise to meet them. What's more, we've been open and transparent with the government, and it's irresponsible for Microsoft to suggest otherwise.

Let's look at the facts. We received FISMA authorization for Google Apps from the General Services Administration (GSA) in July 2010. Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system. It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application.

This was reflected in yesterday's Congressional testimony from the GSA: "...we're actually going through a re-certification based on those changes that Google has announced with the 'Apps for Government' product offering."

FISMA anticipates that systems will change over time and provides for regular reauthorization -- or re-certification -- of systems. We regularly inform GSA of changes to our system and update our security documentation accordingly. The system remains authorized while the changes are evaluated by the GSA. We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements.

Re:Big F*cking Surprise

[BasilBrush]

"As far as you've seen" must not involve reading TFA you're commenting on.

Re:Big F*cking Surprise

[BasilBrush]

What Google said was entirely true, as you'll find if you RTFA. Yes there's a lot of words there, but if you can't be bothered to read them, don't bother to comment.

Re:Big F*cking Surprise

[RockDoctor]

How can you tell when a Microsoft spokesman is lying?

His lips are moving!

I'd say it's on those days that she (or he, let's not be restrictive) isn't buried in a grave with a stake through their thoracic cavity (where their heart used to be), their heads cut off and their mouth stuffed with garlic.

Perhaps we should nuke Redmond from orbit, just to be sure.

Re:Big F*cking Surprise

[Anomalyst]

.mod parent up, informative. Th bolded quotes are a revalation to me. I'm no Google fanboi (I use yippy), but it looks like Google was a lot more forthright than MS, of course the bar MS sets for ethics is not very high, 2 femtometers max, at a guess.

Re:Big F*cking Surprise

[mystikkman]

Huh, Microsoft only repeated what the DoJ said:

On December 16, 2010, counsel for the Government learned that, notwithstanding Googles
representations to the public at large, its counsel, the GAO, and this Court, it appears that
Googles Google Apps for Government does not have FISMA certification.

This was known...

[elashish14]

I believe part of Google's complaint was that additional cost in the government's Microsoft solution was going towards funding in the process of achieving FISMA certification (apologies, but no citation).

Re:Compared to?

[xMrFishx]

I guess they both make a good FUD pie.

Re:Compared to?

[ackthpt]

>It calls Microsoft's FUD 'irresponsible.'

Compared to their responsible FUD which is much better.

Business as usual between business and government - business sells based upon MOU and promises they'll weasel around, while government rarely goes back to review the contract.

Re:Crowd pleasing article

[freakingme]

Groklaw is actually wrong on the basic fact of certification. Google Apps for Government is not FISMA certified and google itself has stated it hopes to get the certification "updated soon"

Groklaw is right on this. Google Apps has been FISMA certified, and as such Google Apps for governments is too since it's the same platform. What they want to have updated is the explicit mention of 'google apps for govs' which is currently not in the certs.

Re:Compared to?

Or a FUDsicle?

Dilbert on Certification

[v1]

NOT goatse

Re:Dilbert on Certification

Same cartoon without crap.

And she thought that groklaw was not worth doing

[WindBourne]

The fact is, that SCO was NEVER about SCO or Unix. It was MS and Sun behind this. Now, MS has moved on to many many more targets. She is needed more now than ever. If I were in Google, I might consider ways to help her out financially.

Follow the money

Bribes anyone?

Yours In D.C.,
K. Trout

Uh, Where is the news here?

[xkr]

I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?

Re:Uh, Where is the news here?

[sco08y]

I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?

This FUD got Google dragged before the US Senate, so it's pretty newsworthy.

Re:Uh, Where is the news here?

[ackthpt]

I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?

This FUD got Google dragged before the US Senate, so it's pretty newsworthy.

Yeah, it's not like the House where just about anybody can get dragged before it.

Re:Uh, Where is the news here?

[turbidostato]

"I mean no offense, but as a student of history, aren't FUD and Microsoft synonymous?"

As a student of history you should know that FUD was an IBM invention, Microsoft is just an advanced student.

Re:Uh, Where is the news here?

[WillDraven]

If you want to be pedantic, the tactic has been in use for nearly all of human history, and the acronym was coined by Gene Amdahl (but yes, he was talking about IBM).

Re:Uh, Where is the news here?

[Ultracrepidarian]

The student has bettered the master.

Did Microsoft ever claim it was?

[flimflammer]

Am I not mistaken that Microsofts original claim was that Google claimed to be but were not, essentially calling out their lie? Did Microsoft also claim they were and this proves them to be lying as well?

Re:Did Microsoft ever claim it was?

You're correct, but this is slashdot.

Re:Did Microsoft ever claim it was?

[Derekloffin]

I would say the claim was implied since they were producing the product that was competing. If the certification was irrelevant, than bringing it up (particularly falsely as they did) is highly suspect.

Re:Did Microsoft ever claim it was?

[cbhacking]

Microsoft never claimed that their offering was certified. Their claim was that Google was lying by claiming a certification that Google didn't have.

Apparently some people who have more hatred for MS than reading comprehension skill have twisted this into a claim that Google was pretending to have a certification that MS already has. That's not the case.

Re:Did Microsoft ever claim it was?

Microsoft never claimed that their offering was certified. Their claim was that Google was lying by claiming a certification that Google didn't have.

Apparently some people who have more hatred for MS than reading comprehension skill have twisted this into a claim that Google was pretending to have a certification that MS already has. That's not the case.

Even the "Google was lying" part wasn't from Microsoft, but from sensationalist media. If you read Microsoft's original posting on this it was actually quite cautios (but who cares, flame on)

Re:Did Microsoft ever claim it was?

[tgd]

No, but this is Slashdot and the reality distortion field is the rule where certain topics are concerned.

The poster sending it is not surprising, neither are the anti-microsoft drones replying, but it surprises me that the editors would let a story like this through. I mean, seriously, the last story in here talked about how part of MS's proposal involved the certification process, and the problem was Google was claiming they were cheaper and didn't need the certification.

Google was, and is, the one lying.

This is a surprising gaffe for Groklaw. I wonder if it was a legitimate mistake, or something done deliberately.

Re:Did Microsoft ever claim it was?

[xactoguy]

The GSA has declared that Google's product does have FISMA certification so (at least on this point) they are not lying.

Re:Did Microsoft ever claim it was?

[greenbird]

Apparently some people who have more hatred for MS than reading comprehension skill have twisted this into a claim that Google was pretending to have a certification that MS already has. That's not the case.

No, apparently people with the ability to actually read and comprehend have to explain how Microsoft lied and had their non-security certified solution chosen over one that had a security certification. You see, I'll type slowly, Microsoft claimed Google's product wasn't certified. But the GSA, who does the certifying mind you, said that Google's product is and was certified. So clearly Microsoft lied. And I think people want it explained why a government agency that was looking for a solution to reduce security breaches chose a solution that was not certified (Microsoft's) over one that was certified (Google's).

That's what the summary says. That wasn't so difficult now, was it?

If you're gonna try to be snarky at about reading comprehension it'd be better if you actually tried reading with a little comprehension first.

Re:Did Microsoft ever claim it was?

[initdeep]

no, the claim was not implied.
it was inferred in your case.

Re:Did Microsoft ever claim it was?

[inode_buddha]

There is no gaffe. I know from first-hand experience that PJ spends a couple of days researching before she publishes anything. And I also know that she prefers to go straight to the original sources (such as the gov't) instead of quoting all the other journalists.

Re:Did Microsoft ever claim it was?

Imagine if Slashdot posters and editors did that. This place could be a beacon of nerd enlightenment, rather than a propaganda-spreading, rundown website.

Re:Did Microsoft ever claim it was?

[mystikkman]

Apparently some people who have more hatred for MS than reading comprehension skill have twisted this into a claim that Google was pretending to have a certification that MS already has. That's not the case.

No, apparently people with the ability to actually read and comprehend have to explain how Microsoft lied and had their non-security certified solution chosen over one that had a security certification. You see, I'll type slowly, Microsoft claimed Google's product wasn't certified. But the GSA, who does the certifying mind you, said that Google's product is and was certified. So clearly Microsoft lied. And I think people want it explained why a government agency that was looking for a solution to reduce security breaches chose a solution that was not certified (Microsoft's) over one that was certified (Google's).

That's what the summary says. That wasn't so difficult now, was it?

If you're gonna try to be snarky at about reading comprehension it'd be better if you actually tried reading with a little comprehension first.

Your post exemplifies how Groklaw FUDs gullible people into believing nonsense. First of all the headline, summary and Groklaw are flat out twisting the facts about 'it turns out MS is the one without certification' as if MS claimed it, which it never ever did, at any point. Groklaw is the one lying by implying that MS said it's offering was FISMA certified. If you're quoting the summary, then you're the one that's being misled.

You're the one that needs to read, and not read just Groklaw even if you think it's a good source, because it's not and it's blindly anti MS biased and will twist and hide facts to support anything anti-MS and will cheerlead the other side and hide all their faults regardless of merits.

If you do so, you will see that Google wanted to throw federal data along with other private customers' data in the same servers and infrastructure. So if there was a breach because of the private customer, federal data would be compromised and told the DOI to shove it when it was objected. MS agreed to have a dedicated infrastructure for the DoI (the reason it was more expensive) so the DoI notified that it was restricting bids to resellers of MS's offering. AFTER all this, Google announced Apps for Govt with a separate cloud for Federal, State and County government data(which the DoI may not be still happy with because of State data getting intermingled).

Re:Did Microsoft ever claim it was?

[mystikkman]

Then why do we have the misleading article, summary and misleading headline here? "turns out MS didn't have certification"? Huh? When did MS ever claim to have certification? It's just made up by Groklaw.

Re:Did Microsoft ever claim it was?

Even the "Google was lying" part wasn't from Microsoft, but from sensationalist media.

If you had read TFA then you might have seen this blog entry by David Howard who is Corporate Vice President & Deputy General Counsel for Microsoft. He says Google is lying about their FISMA certification:

Google can't be under the misimpression that FISMA certification for Google Apps Premier also covers Google Apps for Government. If that were the case, then why did Google, according to the attachments in the DOJ brief, decide to file a separate FISMA application for Google Apps for Government?

Nor does it seem likely that Google believes that the two offerings are so similar that the differences simply won't matter to people. After all, if the facts are so good, why persist in telling a fiction?

Why do you continue to lie in order to try to cover up the previous lies? Didn't your mother ever teach you the story about the boy who cried wolf?

Re:Did Microsoft ever claim it was?

[whoever57]

Your post exemplifies how Groklaw FUDs gullible people into believing nonsense. First of all the headline, summary and Groklaw are flat out twisting the facts about 'it turns out MS is the one without certification' as if MS claimed it, which it never ever did, at any point. Groklaw is the one lying by implying that MS said it's offering was FISMA certified. If you're quoting the summary, then you're the one that's being misled.

No, you are the one being disingenuous. Neither Groklaw nor the summary imply that "MS said it's offering was FISMA certified". You read this into your interpretation and then complain about Groklaw for saying something it did not. Pot, meet kettle. Go back to your desk at Redmond!

Re:Did Microsoft ever claim it was?

Your post exemplifies how Groklaw FUDs gullible people into believing nonsense. First of all the headline, summary and Groklaw are flat out twisting the facts about 'it turns out MS is the one without certification' as if MS claimed it, which it never ever did, at any point. Groklaw is the one lying by implying that MS said it's offering was FISMA certified. If you're quoting the summary, then you're the one that's being misled.

No, you are the one being disingenuous. Neither Groklaw nor the summary imply that "MS said it's offering was FISMA certified". You read this into your interpretation and then complain about Groklaw for saying something it did not. Pot, meet kettle. Go back to your desk at Redmond!

"here's the funny part, it turns out it's Microsoft whose cloud services for government aren't FISMA certified".

That's not the funny part, because it's known to everyone with a clue about the case, except MS hating Slashdotters like you. You go back to your parents' basement.

Re:Did Microsoft ever claim it was?

[BasilBrush]

Microsoft never claimed that their offering was certified. Their claim was that Google was lying by claiming a certification that Google didn't have.

And that claim by Microsoft was in fact the lie, and Google wasn't lying.

Re:Did Microsoft ever claim it was?

[BasilBrush]

Oh dear, oh dear. Hello Mr Microsoft-Shill.

Your post exemplifies how Groklaw FUDs gullible people into believing nonsense. First of all the headline, summary and Groklaw are flat out twisting the facts about 'it turns out MS is the one without certification' as if MS claimed it

No one, not any of those sources you accuse, say that MS claimed to have certification. Merely that it was funny to discover Microsoft did not. Quote:

"I'll show you what I found, but here's the funny part -- it turns out it's Microsoft whose cloud services for government aren't FISMA certified."

If you do so, you will see that Google wanted to throw federal data along with other private customers' data in the same servers and infrastructure.

False. Google's proposal had federal data on servers alongside other US government customers. Not alongside private customers.

AFTER all this, Google announced Apps for Govt with a separate cloud for Federal, State and County government data(which the DoI may not be still happy with because of State data getting intermingled).

Again false, Mr Shill.

Re:Did Microsoft ever claim it was?

Actually google were sorta lying. The certification does not automatically pass on to the government modified version of google apps. It would have been ok to say it was under review, or in the process of being certified but it certainly was NOT certified, even if end result is just pushing paper around and getting it approved that had not occured yet.

Re:Did Microsoft ever claim it was?

[man_of_mr_e]

You do, huh? Then explain why PJ is making a big fuss over something that never happened.

Microsoft wasn't saying that Google should not be chosen because they weren't FISMA certified, they said that the Department of Justice, in court documents, stated that Google Apps for Goverment was not certified, and that the DOJ claimed that the GSA did not view them as certified. This is not an implication that their (MS's) product was certified, just that Google's wasn't as Google claimed. Somehow PJ inferred a claim that wasn't there, and then proceeded to make a big stink about said non-existent claim. Yeah, that's good research.

Googles response seems a bit odd. They claim that their Google Apps Premier certification carried over to the Google Apps for Government product, even though they admit that GAfG has several significant differences from GAP that requires it to be recertified, and that recertification was not yet complete. It's a bit like driving on a temporary drivers license, technically you have a valid license, but it's under review.

Claiming that GAfG was FISMA certified in their bid, and failing to mention that it needed to complete recertification was certainly misleading (the term Microsoft used). What if GAfG was chosen (specifically because Google had claimed it was certified) and then it failed recertification? What if the changes Google made proved to be insecure?

I think it's certainly understandable that Microsoft interpreted the need for recertification as admission that GAfG wasn't certified. That would seem the logical conclusion. If GAfG was still certified through the GAP certification, then that would be an incorrect (but logical) assumption.. especially given that the DOJ documents made the claim of lacking certification.

People in the blogosphere seem to be quick to throw the word "lied" around. Even Microsoft didn't say google Lied. In fact, Microsoft merely stated the fact that the Department of Justice made the claim that GAfG wasn't certified. The DOJ also made the claim that the GSA didn't view GAfG as certified. So it was apparently the DOJ that was wrong about the GSA's views.

Re:Did Microsoft ever claim it was?

[Coren22]

And this whole thing is about Google calling MS liars for saying that Google wasn't FISMA when they actually are.

Google now has responded with a blog post, The Truth about Google Apps and FISMA:

In a breathless blog post, Microsoft recently suggested we intentionally misled the U.S. government over our compliance with the Federal Information Security Management Act (FISMA). Microsoft claims we filed a separate FISMA application for Google Apps for Government, then leaps to the conclusion that Google Apps for Government is not FISMA certified. These allegations are false.
We take the federal government’s security requirements seriously and have delivered on our promise to meet them. What’s more, we’ve been open and transparent with the government, and it’s irresponsible for Microsoft to suggest otherwise.

Let’s look at the facts. We received FISMA authorization for Google Apps from the General Services Administration (GSA) in July 2010. Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system. It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application.

This was reflected in yesterday’s Congressional testimony from the GSA: “...we're actually going through a re-certification based on those changes that Google has announced with the ‘Apps for Government’ product offering.”

FISMA anticipates that systems will change over time and provides for regular reauthorization—or re-certification—of systems. We regularly inform GSA of changes to our system and update our security documentation accordingly. The system remains authorized while the changes are evaluated by the GSA. We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements.

We’ve been very transparent about our FISMA authorization. Our documentation has always been readily available for any government agency to review, and dozens of officials from a range of departments and agencies have availed themselves of the opportunity to learn more about how we keep our customers’ data secure.

We’ll continue to update our documentation to reflect new capabilities in Google Apps. This continuous innovation is an important reason government customers select our service. We’re confident that Microsoft will also re-authorize their applications on a regular basis, once they receive FISMA authorization. We look forward to continuing to work with governments around the world to bring them the many benefits of cloud computing.

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

Re:Did Microsoft ever claim it was?

[Coren22]

According to the GSA it does.

FTFA

Google now has responded with a blog post, The Truth about Google Apps and FISMA:

In a breathless blog post, Microsoft recently suggested we intentionally misled the U.S. government over our compliance with the Federal Information Security Management Act (FISMA). Microsoft claims we filed a separate FISMA application for Google Apps for Government, then leaps to the conclusion that Google Apps for Government is not FISMA certified. These allegations are false.
We take the federal government’s security requirements seriously and have delivered on our promise to meet them. What’s more, we’ve been open and transparent with the government, and it’s irresponsible for Microsoft to suggest otherwise.

Let’s look at the facts. We received FISMA authorization for Google Apps from the General Services Administration (GSA) in July 2010. Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system. It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application.

This was reflected in yesterday’s Congressional testimony from the GSA: “...we're actually going through a re-certification based on those changes that Google has announced with the ‘Apps for Government’ product offering.”

FISMA anticipates that systems will change over time and provides for regular reauthorization—or re-certification—of systems. We regularly inform GSA of changes to our system and update our security documentation accordingly. The system remains authorized while the changes are evaluated by the GSA. We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements.

We’ve been very transparent about our FISMA authorization. Our documentation has always been readily available for any government agency to review, and dozens of officials from a range of departments and agencies have availed themselves of the opportunity to learn more about how we keep our customers’ data secure.

We’ll continue to update our documentation to reflect new capabilities in Google Apps. This continuous innovation is an important reason government customers select our service. We’re confident that Microsoft will also re-authorize their applications on a regular basis, once they receive FISMA authorization. We look forward to continuing to work with governments around the world to bring them the many benefits of cloud computing.

Posted by Eran Feigenbaum, Director of Security, Google Enterprise

Re:Did Microsoft ever claim it was?

[mystikkman]

What's up with the all the shill accusations? What should I call you? A freetard? Or an iFangirl?

False. Google's proposal had federal data on servers alongside other US government customers. Not alongside private customers.

Go read the documents of the case instead of blindly following Slashdot and Groklaw, you will find a it's a different world out there.

In the summer of 2009, during his development of the draft Project Plan, Mr.
Corrington met with both Google and Microsoft to discuss the Unified Messaging project, and to
understand the capabilities of the companies’ respective cloud offerings. AR 150, 184. At the
time, Microsoft offered two different models of the Business Productivity Online Suite
(“BPOS”) – BPOS-Standard, a multi-tenant, public cloud, and BPOS-Dedicated, a single-tenant
Case 1:10-cv-00743-SGB Document 42-1 Filed 12/27/10 Page 10 of 64
- 6 -
cloud with infrastructure that is dedicated solely to one organization.2 In contrast, Google only
offered Google Apps, a multi-tenant, public cloud with infrastructure that is shared among
various cloud users. During DOI’s meeting with Microsoft in August 2009, Microsoft confirmed
that it could provide a cloud with infrastructure dedicated solely to DOI. AR 184. The record
establishes that Google did not, and would not, provide DOI with this same assurance during
their meeting with DOI in the summer of 2009. AR 150.
Consistent with DOI’s initial market research, the September 28, 2009 version of
the draft Project Plan proposed that DOI utilize Microsoft’s dedicated cloud offering to deliver a
single email system to all DOI users. AR 1098. The Department’s research at that point in time
had revealed that BPOS-Dedicated was the only available cloud solution that met this
requirement. ...

On February 18, 2010, Mr. Corrington, along with Mr. Bernard Mazer, DOI’s
Chief Information Officer (who at the time was the CIO for the U.S. Fish and Wildlife Service),
and Mr. Andrew Jackson, DOI’s Deputy Assistant Secretary for Technology, Information and
Business Services, met with Google officials, including the company’s Vice President of North
America, regarding the planned Unified Messaging project. AR 85, 150. During the meeting,
Case 1:10-cv-00743-SGB Document 42-1 Filed 12/27/10 Page 12 of 64
- 8 -
Google advised DOI that Google would not offer a single-tenant cloud. AR 150 (“no single
tenant offering would be available”). ...

On April 28, 2010, Mr. Corrington and Mr. Mazer attended a Google Apps
Summit for government IT leaders to learn more about the cloud offering that Google could offer
to DOI. AR 97-98, 150. After the presentation, Mr. Mazer and Mr. Corrington shared certain
security concerns that DOI believed required the Department to implement a cloud solution with
a dedicated infrastructure. The Google officials responded by objecting to the premise that DOI
required a dedicated cloud, and again refused to offer DOI a dedicated cloud. AR 150 ...

However, when DOI specifically asked Google about whether the company was able to
provide the service on a dedicated infrastructure, Google again replied that it was “incapable of
supporting a dedicated solution and proceeded to argue against the merits of a dedicated
infrastructure.” ...

After the meeting, on June 17, 2010, Google sent another letter to DOI that
argued that the Department was defining its requirements too narrowly and continued
specifically to object to DOI’s expressed preference for a dedicated cloud with a physically
isolated computing infrastructure. AR Tab 5. ...

In February 2010, Microsoft publicly announced plans to offer BPOS-Federal, a
cloud computing solution specifically for the Federal govern

Re:Did Microsoft ever claim it was?

[BasilBrush]

What's up with the all the shill accusations? What should I call you? A freetard? Or an iFangirl?... Oh hello, Mr. Clueless FreeTard, or maybe Mr. Google Shill

The shill accusation is accurate. It's in your history of posting. Microsoft has your drool on it's corporate balls. You can do whatever name calling you like in return, if it makes you feel better. But don't don't whine about my accusation of you being a shill, because it only shows you up as being a hypocrite too.

And if you had read my previous posts you'd see I'm no friend of Google, Linux, nor "freetards". Quite the contrary. Which rather punctures your accusations anyway.

Go read the documents

I'd be very happy to discuss the very same version of the document that you are quoting. Some of the text you quote matches the one linked to in TFA. Some of it does not(!) So link please. I'm sure your neglecting to do so in the first place was entirely an oversight.

Re:Did Microsoft ever claim it was?

[mystikkman]

Here: http://www.groklaw.net/pdf2/SoftchoiceOppMotforJonAdminRecord.pdf

PS: I am no shill, the closest I was to Microsoft was when I was in Seattle, interviewing for Amazon for a Linux based position. My posting history is like that because it's fun to point out the other side of things.

Re:Did Microsoft ever claim it was?

So you're *acting* like a shill because it's fun? Ok, then, you're perhaps not a shill afterall. You're obviously a douche.

Re:Did Microsoft ever claim it was?

You go back to your parents' basement.

I can't, since they are dead and the house long since sold.

Re:Compared to?

[Locke2005]

Microsoft's FUD is better; all their employees are members of the FUD packer's union...

Brain Exploded

[malignant_minded]

"And yet, the Department of the Interior chose Microsoft for its email and messaging cloud solution, instead of Google's offering even though Google today explains that in actually its offering actually is"

Re:Brain Exploded

Microsoft probably wrote the salient characteristics for the contract.

The Facts?

[wheresthefire]

Since when is a legal brief by one of the litigating parties an unbiased source of "facts"? Everything in this post and in the link is stated as fact, yet all of it comes from a single legal brief filed by Google. I thought /.'s standards for journalism were a little higher.

Re:The Facts?

[greenbird]

Since when is a legal brief by one of the litigating parties an unbiased source of "facts"?

If you actually read the article you'll find that it's clearly stated that the initial information is from a Google brief and therefore may be biased. And then you'll find in the update to the article that the GSA, who grants the certifications in question, clearly states that Google's claims in the brief are true. That may be just a slightly less biased source supporting Google's claims in the brief.

Re:The Facts?

Are you crazy?
This is anti-Microsoft news!

Re:The Facts?

[man_of_mr_e]

However, the Department of Justice rejected Googles claim that it was certified, and they claimed the GSA did not view it as certified. So, both sides seem to be at odds over what the GSA actually did or didn't do.

Wrong terminology

[Bunzinator]

It calls Microsoft's FUD 'irresponsible.'? 'Fraudulent' would be a better adjective.

Re:Wrong terminology

[Alex+Belits]

"Fraudulent" is the part where they claimed that Google service lacks certification.

Making such claims while not having certification themselves, is the "irresponsible" part, as bringing it up implies that Microsoft has it, and that is the reason why it is supposedly superior.

Editors!

[Bromskloss]

"If you were as puzzled as I was by the blog fight, as Geekwire calls it, between Google and Microsoft over whether or not Google was FISMA certified, then you will be glad to know I gathered up some of the documents from the case, Google et al v. USA, and they cause the mists to clear. I'll show you what I found, but here's the funny part — it turns out it's Microsoft whose cloud services for government aren't FISMA certified. And yet, the Department of the Interior chose Microsoft for its email and messaging cloud solution, instead of Google's offering even though Google today explains that in actually its offering actually is. It calls Microsoft's FUD 'irresponsible.'"

Editors!

Re:Editors!

[sconeu]

Can't blame the editors, that's a typo by PJ.

Re:Editors!

[adamofgreyskull]

Now...if only the editors had a way to indicate that an error in the original text was reproduced verbatim from the original!

Protip: They do. ;)

re:Microsoft Cloud Services Aren't FISMA Certified

[JohnVanVliet]

I like how the Groklaw article ends -- to quote
-quote-
Guys, don't you realize by now that Microsoft is Microsoft? You don't remember Get the Facts? All those "independent" studies that found Microsoft products to be the best thing since someone invented the wheel? Forewarned is forearmed.
-end quote-

keep in mind that
" We are the Microsoft .You will be assimilated . Resistance is futile !

Error was in original

[SpaceLifeForm]

s/in actually its offering/in actuality its offering/

Same correction I posted on groklaw, but never applied to original text.

PJ is busy, ya know?

Mod parent up

This is also pointed out in TFA.

Re:Google Says...

[crazycheetah]

RTFA. GSA says that Google's is certified. If there's anyone to believe in this case, it is the GSA.

Re:Crowd pleasing article

[initdeep]

having one product FISMA certified does not immediately make other products "utilizing the same platform" fall under the same certification.
The certification process explicitly states which exact products are certified when it is given.
This is why Google has asked that the certification be updated to include the Google Apps for Government.

Thus, the Google Apps for Government is not, currently, FISMA certified, although it appears to be in the process of obtaining such certification.

Re:And she thought that groklaw was not worth doin

[Anthony+Mouse]

That seems unwise. If they pay her then all we'll ever hear is how she's on their payroll, regardless of the quality of the work she does.

If the problem is money then if anything, we should pay her. Anyone feel like starting a "Save Groklaw" fund?

Microsoft never claimed it HAD certification

[krizoitz]

Google claimed certification which it did not have, at best a mistake, at worst a lie. Microsoft did NOT claim certification but is working with the DOI to become certfied. No FUD, just facts.

Re:Microsoft never claimed it HAD certification

Google's offering was FISMA certified (according to the GSA which handles FISMA certification). Microsoft lied and started a blog war saying Google lied about their certification. In addition, Microsoft was never certified and yet the Department of the Interior chose them over Google which is illegal. For more details read TFA.

Re:Microsoft never claimed it HAD certification

[man_of_mr_e]

Microsoft did not say Google apps for government was certified. It said the Department of justice made that claim in official court documents, which it in fact did. Since many of the documents were sealed, and there was no evidence that countered the DOJ's claim, one cannot say that Microsoft intentionally lied.

Re:Microsoft never claimed it HAD certification

[man_of_mr_e]

That should read Microsoft did not say Google apps for government was NOT certified.

Quiet, citizen!

[atari2600a]

Learn your place & buy Microsoft(TM) or we'll turn you off!

Re:Crowd pleasing article

Not "utilizing the same platform." It is the same platform. The only difference is where the data is located.

Re:Crowd pleasing article

FTFA:

We [Google] take the federal government's security requirements seriously and have delivered on our promise to meet them. What's more, weve been open and transparent with the government, and it's irresponsible for Microsoft to suggest otherwise.

Let's look at the facts. We received FISMA authorization for Google Apps from the General Services Administration (GSA) in July 2010. Google Apps for Government is the same technology platform as Google Apps Premier Edition, not a separate system. It includes two added security enhancements exclusively for government customers: data location and segregation of government data. In consulting with GSA last year, it was determined that the name change and enhancements could be incorporated into our existing FISMA certification. In other words, Google Apps for Government would not require a separate application.

This was reflected in yesterday's Congressional testimony from the GSA: "...we're actually going through a re-certification based on those changes that Google has announced with the 'Apps for Government' product offering."

FISMA anticipates that systems will change over time and provides for regular reauthorization -- or re-certification -- of systems. We regularly inform GSA of changes to our system and update our security documentation accordingly. The system remains authorized while the changes are evaluated by the GSA. We submitted updates earlier this year that included, among other changes, a description of the Google Apps for Government enhancements.

Dept of Interior and IT

[AbrasiveCat]

Boy, talk about a agency with a bad record for IT issues. Isn't DOI the agency that was told by a court to disconnect from the Internet for their miss-dealing with the Indian Nations. Bozos. http://www.ibls.com/internet_law_news_portal_view.aspx?s=latestnews&id=2352 Yea I can believe they made the choice before they let the RFQ.

Standards games

[jmorris42]

All vendors play these games, Nicrosoft just happens to be damned good at it.

Remember their EAL certification on NT? So long as there wasn't a network port or floppy drive installed on the machine, that part buried in the fine print of course.

Or adding the POSIX subsystem to NT to meet a bid spec. Because of course whoever wrote the spec never imagined somebody would write a whole POSIX implementation, get it certified POSIX and then just ignore it. Because I don't think anyone can point to a single damned application that was ever ported into NT's POSIX subsystem and actually deployed. The whole thing was such a scam they actually used the GNU tools to get it up and going as quick as they did, even had source available to comply with the GPL. Guess it wasn't a cancer when it was helping them scam the Department of the Navy.

Or Office supporting a standard file format.... not. They damned near destroyed the ISO bribing and manipulating the standards process to get a standard they don't actually make an effort to implement. Because as bad as OOXML is it is a standard and if they adhered to it interopeability might result and that would be the end of their monopoly.

Re:Crowd pleasing article

I didn't even read TFA yet I guessed that, one post above yours. Man, the people here are dumb. Do they even know what Google Apps is at all? Even if GAfG wasn't the same platform, and the FISMA process rated things that did not change with GAfG, it would still undoubtedly qualify.

Re:And she thought that groklaw was not worth doin

[WindBourne]

Hmmm. Good points.

Not True

The governmental version of BPOS is FISMA certified. Check before you buy.

Re:And she thought that groklaw was not worth doin

[BasilBrush]

As far as I recall, money isn't the issue. She just wants to move on and do something else with her life. Which is understandable.

FISMA

F**k
It
See
My
Attorney

Re:Crowd pleasing article

[nosferatu1001]

GSA confirmed it was covered by the same certification.

M$ spreading FUD & Lies?

[garry_g]

Now that's something new ... has never happened before, better take note!

Point: completely missed?

The point is that MS does not have FISMA certification, yet MS solutions are somehow already in place where FISMA certified solutions are required. Of course MS never drew attention to its own certification, so MS would never make any claims about themselves. But to call out someone else on it when they aren't in a position to be making any noise shows some real stupidity on their part.

Not quite

[DragonWriter]

The reason MS falsely claimed that Google wasn't certified was to deflect attention away from their own lack.

Untrue. FISMA certification in advance was not a requirement, and so was irrelevant to the contract at issue. MS raised the issue about Google to distract attention from the fact that Google's substantive claims about the contract being improperly given to Microsoft without allowing competing bids was correct.

The award wasn't based on FISMA certification!

That spin isn't correct. The Interior Department chose Microsoft for a number of reasons, base on their current needs. FISMA certification didn't play into it.

In the process of challenging that award, Google boasted that its cloud solution is FISMA certified, which is stretching the truth. An earlier version of a very similar product WAS certified, but their dedicated government product is slightly different. Under FISMA rules, those slight differences need separate review, which has not yet been conducted.

The the crux of the issue is that Google claimed "certification" when what they really have right now is likely FISMA compliance.

Full issue is covered well in this IDC Government Insights Blog, which states that GSA has declined to confirm FISMA compliance for the Google Apps for Government product suite. http://idc-insights-community.com/posts/225609a969