Earlier this week, Google announced a new edition of its white label Software-as-a-Service (SaaS) offering Apps (formerly Apps for Domains): Google Apps for Government.
The new edition, which costs $50 per user per year, includes some special security features to comply with US regulations.
Thanks to these features Google Apps for Government is the first SaaS suite to receive the US Federal Information Security Management Act (FISMA) certification:
FISMA assigns specific responsibilities to federal agencies, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) in order to strengthen information system security. In particular, FISMA requires the head of each agency to implement policies and procedures to cost-effectively reduce information technology security risks to an acceptable level…
FISMA requires that agencies have in place an information systems inventory. According to FISMA, the head of each agency shall develop and maintain an inventory of major information systems (including major national security systems) operated by or under the control of such agency. The identification of information systems in an inventory under this subsection shall include an identification of the interfaces between each such system and all other systems or networks, including those not operated by or under the control of the agency. The first step is to determine what constitutes the “information system” in question. There is not a direct mapping of computers to information system; rather, an information system may be a collection of individual computers put to a common purpose and managed by the same system owner. NIST SP 800-18, Revision 1, Guide for Developing Security Plans for Federal Information Systems provides guidance on determining system boundaries…
Google Apps for Government stores Gmail and Calendar data in a segregated system located in the continental United States, exclusively for our government customers.
On top of that Google already announced plans to deliver additional unique capabilities to this edition to meet Government requirements.
Interestingly, Google App for Government is one concrete example of so called Community Cloud, the fourth deployment model, along with Public, Private and Hybrid clouds, defined by the NIST.