Microsoft called Google a liar. Turns out, Microsoft is wrong.

Google Apps for Government was, always has been, and still is certified under a government security spec called FISMA.

In case you haven't been following along, here's the basic story. The General Services Administration (GSA) gave FISMA certification to Google Apps Premier last year. A few months later, Google introduced a slightly different product called Google Apps for Government, and boasted that it was FISMA-certified.

Microsoft's competing product, BPOS-Federal, is not FISMA-certified.

Earlier this week, Microsoft found a court filing suggesting that the GSA's certification doesn't cover Google Apps for Government. Microsoft made a big deal out of it, and a U.S. Senator started looking into the issue.

But the GSA now says Microsoft is wrong. Here's their statement:

GSA certified the Google Apps Premier environment as FISMA compliant in July of 2010. Google Apps for Government uses the Google Apps Premier infrastructure, but adds additional controls in order to meet requirements requested by specific government agencies. The original FISMA certification remains intact while GSA works with Google to review the additional controls to update the existing July 2010 FISMA certification.

The GSA also explains that it treats changes in one of three ways:

1. The change is so minor that it does not trigger a review.



2. The change is noteworthy enough to be reviewed, but is not significant enough to require a new FISMA certification. The review focuses on the change itself and (if applicable) how the change interacts with the package as a whole. The certification remains for the original product, but is modified to include the change.



3. The change is significant enough to warrant an entirely new certification.

In this case, the GSA says it's #2.

All is fair in business and war, but when one company calls another a liar, that's a pretty serious accusation. Microsoft was wrong, and it owes Google an apology.