So Microsoft was lying as well?
An the plot thickens.
Microsoft's BPOS-Federal suite of online business applications has been certified for use by the US government. Which highlights the fact that it wasn't certified earlier. Earlier this month, Microsoft made headlines when it accused Google of making "misleading security claims" to the US government, an accusation that hinged …
Having sat through more than my fair share of BPOS sales pitches, they'll just about tell you the f'ing thing will mop your floors and cure cancer... and having migrated 40k seats to them I can assure you that they were stretching the truth *just* a little when they characterized their services as enterprise grade (just ask our users).
Of course, they are cheap - which tends to happen when you can give your software away. Notice I didn't say inexpensive or great value for the money.
For all the utility you might get from implementing the various security standards, the government certification process is less about implementing them than it is about getting the right paper pusher to sign the correct piece of paper. Said paper pusher not necessarily needing to be technically competent to evaluate it, or even competent to push his own paper.