Human Resources and Security Specialists should use this tool to determine the correct investigation level for any covered position within the U.S. Federal Government.
Visit this federal site to search for our regulatory notices, proposed and final rules.
See the latest tweets on our Twitter feed, like our Facebook pages, watch our YouTube videos, and page through our Flickr photos.
Welcome! We are committed to recruiting and retaining a world-class workforce for the American people.
Take a look at our blogs and share with others. Once you are on a particular blog page, you can give us the thumbs up. Connect with Acting Director Cobert on Twitter: @OPMDirector and Facebook.com/OPMDirector. Also, find us on other social media channels.
It’s been an exciting and busy first two weeks for me as the new Acting Director of the U.S. Office of Personnel Management. I will be regularly using this space to share the latest news about what we are doing to address one of my top priorities for OPM – our response to the recent cybersecurity incidents. As we make progress on this front, I also will be highlighting the achievements of OPM’s dedicated team that is working every day to fulfill the agency’s mission: to recruit and develop a world-class Federal workforce.
First, this week we were able to bring back online the system that we use to process background investigation forms for Federal employees and Federal job applicants. We had shut down the e-QIP system temporarily on June 26 after we discovered a vulnerability during a comprehensive security review of OPM’s information technology systems. Even though we didn’t find any malicious activity, we took this step in order to be proactive and to fortify the system’s security controls.
Cybersecurity expertise from across the Federal and private sectors was brought to bear to remediate and test the e-QIP system. Thanks to the hard work of OPM staff, in collaboration with our interagency partners at the Department of Homeland Security and the Office of Management and Budget, we were able to bring the system back online with enhanced security features in less than four weeks.
Second, we continue to build on our efforts to support members of the Federal family whose personal information was stolen in the cyberintrusions. We have just added some helpful features to our online resource center at opm.gov/cybersecurity in response to feedback from users.
The website is now easier to navigate and specific information is easier to find. We’ve added a “Recent Updates” section and a “Stay Informed” feature, plus tools such as an RSS feed allowing users to get automatic alerts when new information is posted. Our agency partners and outside organizations can now place a digital badge on their own websites that will link their users to OPM’s online resource center. Please visit this website to get the most current information about the incidents and about steps individuals can take to protect themselves from cybercrime.
Being new to OPM, I recently took the agency’s IT Security and Privacy Awareness Training. The training was a good reminder that using cybersecurity best practices is a responsibility we all share and that we must remain on guard against phishing emails and other threats that are ever present in today’s digital workplace.
Even as we keep cybersecurity front and center, I am looking forward to working with our talented and hard-working team at OPM to fulfill the agency’s mission of supporting and providing exceptional service to our Federal family. We have multiple plans and programs underway to improve the hiring process for Federal jobs, to develop top-drawer training and leadership programming, and to collect and process rich data sets that lead to greater employee engagement, to name just a few. The Federal Government is counting on OPM to deliver. And I know that we will.
Leading the Office of Personnel Management has been the highlight of my long career in public service. The OPM family is comprised of some of the most dedicated, capable and hardworking individuals in the Federal Government. Each of them does so much in service of our country – whether it is through protecting our security by conducting background investigations; working to ensure Federal employees and their families have the best possible health coverage available; or working to assist our Federal retirees and their families in the smooth processing of their annuities.
I am so grateful to all of them.
Yesterday I informed OPM employees that I am stepping down as the Director of this remarkable agency and the remarkable people who work for it. Yesterday morning, I offered, and the President accepted, my resignation. I conveyed to the President that I believe it is best for me to step aside and allow new leadership to step in, enabling the agency to move beyond the current challenges and allowing the employees at OPM to continue their important work.
While my team and I have accomplished much together, in particular, I’m proud of the work we have done to develop the REDI (Recruitment, Engagement, Diversity and Inclusion) initiative and our IT Strategic Plan. These efforts have transformed our ability to serve our customer agencies and ensure that the Federal Government is able to attract, hire, engage, and develop a talented and diverse Federal workforce.
I am honored to have led this organization and to have served alongside the incredible team at OPM. I have complete confidence in their ability to continue fulfill OPM’s important mission of recruiting, retaining and honoring a world-class workforce to serve the American people.
Today, we at the U.S. Office of Personnel Management (OPM) released additional information about a recent cyber incident that affected the background investigation records of current, former, and prospective Federal employees and contractors. It is critical that all of OPM’s constituents, – most importantly – those who are directly impacted by these breaches receive information in a timely, transparent, and accurate manner. As I have said before, we take these incidents extremely seriously and, accordingly, are taking a number of steps to address both our cybersecurity and our process going forward.
First, to help ensure the security and integrity of our systems and to assist with the response to recent incidents, I have brought to OPM experts in cyber security and management from both inside and outside of government. In particular, I have created a new cybersecurity advisor position and will have more information on this in the coming days. In addition, in recent weeks, we brought to OPM a team of technical experts who have spent countless hours conducting a diligent investigation and a comprehensive review of systems. Finally, because I believe it is important to hear from a variety of perspectives when addressing dynamic cybersecurity threats, I am consulting with Chief Information Officers and other leading experts from technology firms and other private companies that have experienced their own cyber incidents, to discuss the collective challenges we face and hear their advice.
Second, and as described more fully in today’s press release OPM will be providing a comprehensive suite of credit and identity theft monitoring and protection services for background investigation applicants and non-applicants whose Social Security Numbers and other sensitive information were stolen. Individualized notification packages offering these services, with further details on the incident, will be sent in the coming weeks. We will be incorporating lessons learned and feedback from stakeholders about the notification process just completed for a related cybersecurity incident.
Third, OPM believes it is important to focus on the service we provide our customers. To that end, OPM is launching new resource efforts to maintain continued contact with our constituents. OPM has established an online cybersecurity incident resource center at https://www.opm.gov/cybersecurity to offer information regarding materials, training, and useful information on best cyber practices. In the coming weeks, OPM will also open a call center to respond to inquiries and give more assistance. In the interim, individuals are encouraged to visit https://www.opm.gov/cybersecurity.
Fourth, from the beginning of my time as the Director of OPM, I have made cybersecurity a top priority and will continue to do so. OPM continues to take aggressive action to strengthen its broader cyber defenses and IT systems. To this end, in June, OPM identified 15 new steps to improve security, leverage outside expertise, modernize its systems, and ensure internal accountability in its cyber practices. These 15 steps are in addition to 23 actions already taken to strengthen cybersecurity since the beginning of my tenure at OPM. I have also initiated a comprehensive review of the security of OPM’s IT systems to identify and immediately mitigate any other vulnerabilities that may exist. That review is ongoing.
Fifth, I realize that OPM’s cyber security efforts must also come in the broader context of the government’s IT systems. The Federal government, led by the Office of Management and Budget, is taking aggressive actions to continually strengthen its cyber defenses, and all agencies are currently engaged in a 30-day cybersecurity sprint, whereby immediate steps are being taken to further protect information and assets and improve the resilience of Federal networks. OPM is fully engaged in this effort.
Finally and importantly, OPM will participate, along with our interagency Suitability and Security Performance Accountability Council partners, in a 90 day review of key questions related to information security, governance, policy, and other aspects of the security and suitability determination process, to ensure that it is conducted in the most efficient, effective and secure manner possible.
Cybersecurity incidents are unfortunately not without precedent. As the President has made clear, cybersecurity is one of the most important challenges we face as a Nation. In working together across OPM and across the Federal government, I will continue to take aggressive steps to support efforts to improve Federal cybersecurity and to develop new policies and capabilities to identify, defend against, and counter malicious cyber actors.
As our hardworking Federal workforce enjoys a much-deserved holiday weekend, I want to share a quick update on the ongoing investigation into the recent theft of information from OPM’s networks.
For those individuals whose data may have been compromised in the intrusion affecting personnel records, we are providing credit monitoring and identity protection services. My team has worked with our identity protection contractor to increase staff to handle the large volume of calls, and to dramatically reduce wait times for people seeking services. As of Friday, our average wait time was about 2 minutes with the longest wait time being about 15 minutes.
Thanks to the tireless efforts of my team at OPM and our inter-agency partners, we also have made progress in the investigation into the attacks on OPM’s background information systems. We hope to be able to share more on the scope of that intrusion next week, and in the coming weeks, we will be working hard to issue notifications to those affected.
I want you to know that I am as concerned about these incidents as you are. I share your anger that adversaries targeted OPM data. And I remain committed to improving the IT issues that have plagued OPM for decades.
One of my first priorities upon being honored with the responsibility of leading OPM was the development of a comprehensive IT strategic plan, which identified security vulnerabilities in OPM’s aging legacy systems, and, beginning in February 2014, embarked our agency on an aggressive modernization and security overhaul of our network and its systems. It was only because of OPM’s aggressive efforts to update our cybersecurity posture, adding numerous tools and capabilities to our networks, that the recent cybersecurity incidents were discovered.
I am committed to finishing the important work outlined in my Strategic IT Plan and together with our inter-agency partners, OPM will continue to evaluate and improve our security systems to make sure our sensitive data is protected to the greatest extent possible, across all of our networks.
We are living in an era where cybersecurity must be a priority in our lives at work and at home. I encourage you to take some time to learn about the ways you can help protect your own personal information. There are many helpful resources available on our website.
I’m wishing you a safe and relaxing 4th of July weekend.
As our team at OPM continues to work tirelessly to fortify our data systems with stronger security upgrades, I wanted to notify our Federal family that we have taken the e-QIP system offline temporarily. E-QIP is a web-based platform used to complete and submit background investigation forms.
I recently ordered a comprehensive review of the security of OPM IT systems. During this ongoing review, my team and our interagency partners identified a vulnerability in the e-QIP system. Out of an abundance of caution, I have asked that the system be taken offline until stronger security enhancements are implemented.
I want to be clear that we are proactively taking this action to ensure the ongoing security of our network. This decision was not in response to direct malicious activity on this network, and there was no evidence that the vulnerability was exploited by an adversary.
While we add these security enhancements to the network, we expect the e-QIP system could be offline from four to six weeks. All of us at OPM recognize and regret the impact this action will have on both users and agencies, but please know that the team is working hard to quickly implement these security upgrades so that we can resume this service as soon as it’s safe to do so. In the meantime, we will be working with our partner agencies on alternative approaches to meet the needs of our customers.
I want to personally apologize for the inconvenience, but know that we take very seriously the responsibility OPM holds in securing Federal employee data. Improving OPM’s IT security posture is the utmost priority as we work to recruit, engage, and honor America’s talented and hardworking Federal workforce.
There was an unexpected error when performing your action.
Your error has been logged and the appropriate people notified. You may close this message and try your command again, perhaps after refreshing the page. If you continue to experience issues, please notify the site administrator.