Microsoft, Google spar over federal contract

"Google Apps for Government is the same system with enhanced security controls that go beyond FISMA requirements. As planned we're working with GSA to continuously update our documentation with these and other additional enhancements," said David Mihalchik, business development executive for Google Federal.

"This case is about the Department of Interior limiting its proposal to one product that isn’t even FISMA certified, so this question is unrelated to our request that DOI allow for a true competition when selecting its technology providers," he added. 

The back-and-forth between the two firms is another sign of their growing animosity; Microsoft recently filed a complaint accusing Google of antitrust violation with the European Commission and helped lead a coalition against the Google's purchase of travel search provider ITA Software.

The incident also highlights the debate over FISMA, which is widely acknowledged by lawmakers and cybersecurity experts to be out-of-date and overly focused on compliance rather than actively deterring security threats. Howard disputed that conventional wisdom.

"I’ll be the first to grant that FISMA certification amounts to something," Howard said.

"The Act creates a process for federal agencies to accredit and certify the security of information management systems like e-mail, so FISMA-certification suggests that a particular solution has proven that it has met an adequate level of security for a specific need."

In his post Howard argues that not having FISMA certification demonstrates a product may not meet the government's threshold for information security. Google was quick to respond that Microsoft's email offering isn't FISMA certified.