Microsoft: Office 365 for enterprises now FISMA-certified

Microsoft announced on May 3 that its Office 365 cloud-hosted app bundle has received the Federal Information Security Management Act (FISMA) nod from the Broadcasting Board of Governors.

FISMA certification is a requirement for many U.S. government contracts. FISMA specifies a “comprehensive framework to protect government information, operations and assets against natural or man-made threats.”

The Office 365 ITAR (International Traffic in Arms Regulation) SKU -- the rough equivalent to the dedicated  BPOS Federal SKU -- already was FISMA certified. (BPOS -- Microsoft's Business Productivity Online Suite -- is the predecessor to Office 365.) But prior to this week, the shared/multitenant Office 365 for enterprises wasn't FISMA certified.

"FISMA is important to our customers because it creates a process for federal agencies to certify and accredit the security of their information management systems," said Julia White, a Senior Director in the Microsoft Office Division, via an Office 365 blog post. "IT solutions with FISMA certification and accreditation have federal agency approval for their use in line with the level of security established by that agency."

Last year, Microsoft and Google, which offers Google Apps as a head-to-head competitor with Microsoft's bundle of hosted SharePoint, Exchange and Lync, traded barbs over when and whether each could claim FISMA certification.

Office 365's FISMA news comes the same week that the U.S. Department of the Interior announced it was going with Google Apps rather than Office 365 for a new, unified cloud-hosted e-mail system for its approximately 90,000 employees. The DOI's original request for proposal for the system stipulated FISMA compliance as one of the requirements for the contract, something which Microsoft didn't have with its cloud-hosted app bundle in 2010. FISMA certification also was a requirement for the updated version of the DOI contract.