The Office of Personnel Management brought the system to apply for security clearance background checks back online Thursday.
OPM took the Electronic Questionnaires for Investigations Processing system — the Web platform, better known as e-QIP, used to complete and submit background investigation forms — offline June 26 to perform security enhancements after an investigation found a security vulnerability.
The agency was reviewing its IT systems in wake of a pair of hacks that compromised the personal information of more than 22 million current and former federal employees, and federal security clearance applicants. OPM said the vulnerability in the e-QIP system was not directly tied to the hacks.
“OPM took this step proactively, as a result of our comprehensive security assessment, to safeguard the ongoing security of the network,” OPM spokesman Sam Schumach said in a statement.
Less than four weeks later, which was the low-end estimate of how long the system would be offline, OPM has reinstated service.
“OPM is working closely with agencies to re-enable e-QIP users incrementally in an effort to resume this service in an efficient and orderly way,” Schumach wrote.
While e-QIP was down, OPM worked with the Office of Management and Budget’s Office of e-Government and Information Technology, the Department of Homeland Security and others cyber experts to enhance the system’s security, adding protections like enhanced password protections, secured data transmission within the application and other additional protections against external threats.
“Based on the security enhancements and the extensive testing that has been completed, OPM is re-enabling access to e-QIP with confidence in the security of the system,” Schumach said. “OPM remains committed to protecting the safety and security of the information of Federal employees and contractors, and will continue efforts to further enhance the security of our systems.”
The Professional Services Council, a group that represents government technology and services vendors, lauded the relaunch of the system many of its members depend on. Initially unhappy with OPM’s decision to take the platform offline, PSC President and CEO Stan Soloway said his organization remains cautious of the system’s security.
“As OPM restarts the system, we remain cautious because the recent data breaches show that even the best protected systems are vulnerable,” Soloway said. “We hope the fixes they are employing will also be secure so no other person has to suffer the uncertainty the nearly 25 million people affected by both of OPM’s breaches have already suffered.”