Microsoft's suite of hosted business applications for government -- its Business Productivity Online Suite (BPOS) F -- has recieved FISMA certification, Microsoft officials said on April 20.
The Federal Information Security Management Act (FISMA) specifies a “comprehensive framework to protect government information, operations and assets against natural or manmade threats.” Many federal agencies stipulate FISMA certification as a requirement for their IT solutions.
Just over a week ago, Microsoft and Google were locked in a war of words as to whose cloud solution, BPOS or Google Apps, was quicker to grab the FISMA certification crown. Google officials said last summer the company had achieved FISMA authorization for Google Apps from the General Services Administration (GSA), but didn't make it clear -- until Microsoft called them on the carpet -- that it was for Google Apps Premier Edition, rather than Google Apps for Government.
Microsoft had been seeking FISMA certification for BPOS-F since last year. The USDA granted the "Authorization to Operate" as FISMA certified to Microsoft on April 19. The USDA is deploying BPOS-F for its 120,000 employees.
Microsoft is going to have to reapply for FISMA certification for Office 365 once the company launches its BPOS successor (around early June, I am still hearing). It's not clear which Office 365 SKU for which Microsoft will seek certification, as the company hasn't made clear if it will have a specific "F" option for Office 365.
Update: Here's more information, posted to a Microsoft blog, from the Chief Technology Officer of SecureInfo (a company that does third-party assessments of FISMA compliance) on what goes into a FISMA certification.