Human Resources and Security Specialists should use this tool to determine the correct investigation level for any covered position within the U.S. Federal Government.
It’s been an exciting and busy first two weeks for me as the new Acting Director of the U.S. Office of Personnel Management. I will be regularly using this space to share the latest news about what we are doing to address one of my top priorities for OPM – our response to the recent cybersecurity incidents. As we make progress on this front, I also will be highlighting the achievements of OPM’s dedicated team that is working every day to fulfill the agency’s mission: to recruit and develop a world-class Federal workforce.
First, this week we were able to bring back online the system that we use to process background investigation forms for Federal employees and Federal job applicants. We had shut down the e-QIP system temporarily on June 26 after we discovered a vulnerability during a comprehensive security review of OPM’s information technology systems. Even though we didn’t find any malicious activity, we took this step in order to be proactive and to fortify the system’s security controls.
Cybersecurity expertise from across the Federal and private sectors was brought to bear to remediate and test the e-QIP system. Thanks to the hard work of OPM staff, in collaboration with our interagency partners at the Department of Homeland Security and the Office of Management and Budget, we were able to bring the system back online with enhanced security features in less than four weeks.
Second, we continue to build on our efforts to support members of the Federal family whose personal information was stolen in the cyberintrusions. We have just added some helpful features to our online resource center at opm.gov/cybersecurity in response to feedback from users.
The website is now easier to navigate and specific information is easier to find. We’ve added a “Recent Updates” section and a “Stay Informed” feature, plus tools such as an RSS feed allowing users to get automatic alerts when new information is posted. Our agency partners and outside organizations can now place a digital badge on their own websites that will link their users to OPM’s online resource center. Please visit this website to get the most current information about the incidents and about steps individuals can take to protect themselves from cybercrime.
Being new to OPM, I recently took the agency’s IT Security and Privacy Awareness Training. The training was a good reminder that using cybersecurity best practices is a responsibility we all share and that we must remain on guard against phishing emails and other threats that are ever present in today’s digital workplace.
Even as we keep cybersecurity front and center, I am looking forward to working with our talented and hard-working team at OPM to fulfill the agency’s mission of supporting and providing exceptional service to our Federal family. We have multiple plans and programs underway to improve the hiring process for Federal jobs, to develop top-drawer training and leadership programming, and to collect and process rich data sets that lead to greater employee engagement, to name just a few. The Federal Government is counting on OPM to deliver. And I know that we will.
As our team at OPM continues to work tirelessly to fortify our data systems with stronger security upgrades, I wanted to notify our Federal family that we have taken the e-QIP system offline temporarily. E-QIP is a web-based platform used to complete and submit background investigation forms.
I recently ordered a comprehensive review of the security of OPM IT systems. During this ongoing review, my team and our interagency partners identified a vulnerability in the e-QIP system. Out of an abundance of caution, I have asked that the system be taken offline until stronger security enhancements are implemented.
I want to be clear that we are proactively taking this action to ensure the ongoing security of our network. This decision was not in response to direct malicious activity on this network, and there was no evidence that the vulnerability was exploited by an adversary.
While we add these security enhancements to the network, we expect the e-QIP system could be offline from four to six weeks. All of us at OPM recognize and regret the impact this action will have on both users and agencies, but please know that the team is working hard to quickly implement these security upgrades so that we can resume this service as soon as it’s safe to do so. In the meantime, we will be working with our partner agencies on alternative approaches to meet the needs of our customers.
I want to personally apologize for the inconvenience, but know that we take very seriously the responsibility OPM holds in securing Federal employee data. Improving OPM’s IT security posture is the utmost priority as we work to recruit, engage, and honor America’s talented and hardworking Federal workforce.
Recently, you may have heard about a new internet security weakness, known as Heartbleed, which is impacting some websites. There is no indication that Heartbleed has been used against OPM.gov or that any personal information has ever been at risk. However, we are asking users to change their current password for e-QIP applications out of an abundance of caution to ensure the protection of your information.
There was an unexpected error when performing your action.
Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.