Microsoft: Office 365 for enterprises now FISMA-certified

Microsoft: Office 365 for enterprises now FISMA-certified

Summary: Microsoft's Office 365 hosted app bundle is FISMA-certified, making it potentially more appealing to U.S. government customers.


Microsoft announced on May 3 that its Office 365 cloud-hosted app bundle has received the Federal Information Security Management Act (FISMA) nod from the Broadcasting Board of Governors.

FISMA certification is a requirement for many U.S. government contracts. FISMA specifies a “comprehensive framework to protect government information, operations and assets against natural or man-made threats.”

The Office 365 ITAR (International Traffic in Arms Regulation) SKU -- the rough equivalent to the dedicated  BPOS Federal SKU -- already was FISMA certified. (BPOS -- Microsoft's Business Productivity Online Suite -- is the predecessor to Office 365.) But prior to this week, the shared/multitenant Office 365 for enterprises wasn't FISMA certified.

"FISMA is important to our customers because it creates a process for federal agencies to certify and accredit the security of their information management systems," said Julia White, a Senior Director in the Microsoft Office Division, via an Office 365 blog post. "IT solutions with FISMA certification and accreditation have federal agency approval for their use in line with the level of security established by that agency."

Last year, Microsoft and Google, which offers Google Apps as a head-to-head competitor with Microsoft's bundle of hosted SharePoint, Exchange and Lync, traded barbs over when and whether each could claim FISMA certification.

Office 365's FISMA news comes the same week that the U.S. Department of the Interior announced it was going with Google Apps rather than Office 365 for a new, unified cloud-hosted e-mail system for its approximately 90,000 employees. The DOI's original request for proposal for the system stipulated FISMA compliance as one of the requirements for the contract, something which Microsoft didn't have with its cloud-hosted app bundle in 2010. FISMA certification also was a requirement for the updated version of the DOI contract.

Topics: Collaboration, CXO, Microsoft, Software


Mary Jo has covered the tech industry for 30 years for a variety of publications and Web sites, and is a frequent guest on radio, TV and podcasts, speaking about all things Microsoft-related. She is the author of Microsoft 2.0: How Microsoft plans to stay relevant in the post-Gates era (John Wiley & Sons, 2008).

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Ok... So what now?

    I guess it's a little too late to switch right?
  • Wait, so is Google Apps...

    Is the Google "solution" FISMA-certified? Or did Microsoft beat them to it?
    • mario.albertico, Yes

      Google apps is FISMA??certified
  • You can't beat free.

    I mean Google Docs are free right?
    • Google Docs

      Is a free service to consumers. Google Apps in this case is not a free service. Follow the link and you can learn a bit more about what Google Apps offers and see if it makes sense for you or not. I have customers using Office 365 and Google Apps for Business and Google Apps for Education. The only free product here is Google Apps for Education, though it is not a full product suite.
  • "FISMA Certified" is a misnomer

    Using the term "FISMA Certified" reflects a lack of understanding of what FISMA is about. Under FISMA, systems are Assessed (controls tested for operational effectiveness) and Authorized (explicite acceptance of residual risk). Just because one agency (i.e., GSA) Authorizes a system, it does NOT automatically make it acceptable for use by any federal agency.
  • CIA and Google

    Don't you know Google provides detailed dociers on people to the CIA upon request. I'm sure this is their way of saying thanks.