Last week, as iTWire and other tech outlets reported, the ASD had issued a consumer guide containing a number of fiats about the services that Microsoft claimed to have received Protected status for on 3 April.
The company contested this, issuing a long statement to iTWire.
The ASD's reaction to a query from iTWire, asking why it had issued a consumer guide three days after Microsoft announced it had gained Protected status, was to only point out that issuing such a guide was not uncommon, leading to the conclusion that there was no concern over the granting of the Protected status to Microsoft.
In response to the query from iTWire, asking why the consumer guide had been issued — as no guide has been issued when the other four companies that have gained Protected status were certified — a Defence spokesperson did not directly answer the question, only pointing out that this was not the first time such a guide had been issued.
"This is not the first time ASD has produced Consumer Guides. ASD released a Consumer Guide for Apple iOS devices at Protected to aid secure configuration by government consumers," the spokesperson said.
"The ACSC works with providers to ensure guidance is provided to government agencies on how to consume the services in a more secure manner to meet business and risk objectives."
But in a comment to another news website, Defence stood by the fiats in the consumer guide issued by the ASD, "confirming more work is required on Microsoft’s side before Azure reaches an appropriate comfort level".
Adding to the confusion was a statement made by Alastair MacGibbon, national cyber security adviser and ASD deputy director-general to the InnovationAus website, saying he was "very, very satisfied" with the measures Microsoft had taken to mitigate risk and gain Protected status for some of its Azure Cloud and Office 365 services.
InnovationAus also reported that what appeared to be a "seemingly radical change in government cyber policy in relation to its cloud accreditation program has been a hotly discussed topic at the Australian Cyber Security Centre conference in Canberra" last week.
