Jump to content

e-QIP

From Wikipedia, the free encyclopedia
e-QIP form of John O. Brennan

e-QIP (Electronic Questionnaires for Investigations Processing) is a secure website managed by OPM that is designed to automate the common security questionnaires used to process federal background investigations. e-QIP was created in 2003 as part of the larger e-Clearance initiative designed to speed up the process of federal background investigations conducted by OPM's Federal Investigative Services (FIS). e-QIP is a front end data collection tool that has automated the SF-86, questionnaire for national security investigations as well as the SF-85P, the questionnaire for public trust positions.[1] e-QIP allows applicants for federal jobs to enter, edit and submit their investigation data over a secure internet connection to their sponsoring agency for review and approval.

Security clearance requirements

[edit]

An individual cannot apply for a security clearance. A cleared federal contractor or government entity must sponsor the individual. Additionally, the sponsored applicant must either (a) be an employee of or consultant for that cleared contractor, or (b) have received and accepted a written offer of employment from the cleared contractor, or (c) be a member of the United States Armed Forces, or (d) authorized federal employee. In the event of the applicant’s having an employment offer, that offer must also indicate that the applicant’s employment will begin within 30 days of receiving clearance.

A cleared contractor's Facility Security Officer (FSO) starts the process in two ways. First the FSO sends an investigation request through the Joint Personnel Adjudication System (JPAS). Second, the FSO has the employee complete a clearance application in the Electronic Questionnaires for Investigations Processing (e-QIP). After review and approval of that information, the FSO submits the completed e-QIP to the Defense Industrial Security Clearance Office (DISCO) for review. Once DISCO approves the information, it is sent on to Office of Personnel Management (OPM), which conducts the actual investigation and sends the findings back to DISCO. DISCO then either gives clearance, or forwards the results to Defense Office of Hearings and Appeals (DOHA) for further action.

e-QIP security breach

[edit]

In March 2014, a breach of security for the e-QIP system was detected. Press reports in July of that year attributed the exploit to "Chinese Hackers", James Clapper later confirmed this suspicion.[2][3] More than a year later, it was revealed that sensitive records for millions of federal workers and contractors was improperly accessed, and the OPM shut down the system for security work.[4][5]

Press reports suggest the information was retrieved using stolen credentials of an employee of KeyPoint Government Solutions, a privately owned provider of background check services for the government.[6][7] An OPM audit of KeyPoint's security practices found shortcomings in their practices.[8]

[edit]

References

[edit]
  1. ^ See, for example the kinds of questions in https://www.ors.od.nih.gov/ser/dpsac/badge/Documents/SF85%20Instructions%20for%20Completing4-6-09COLOR(16)BlocksOnlyNoHeader.pdf
  2. ^ "Chinese Hackers Pursue Key Data on U.S. Workers". New York Times. 2014-07-09.
  3. ^ Chabrow, Eric (2014-07-10). "U.S. Government Personnel Network Breached". govinfosecurity.com.
  4. ^ Levine, Mike (2015-06-29). "In Wake Of Hack, OPM Shutters System For Federal Background Checks". ABC News.
  5. ^ "OPM Reopens Online Federal Background Check System". NBC News.
  6. ^ Levine, Mike; Date, Jack. "Feds Eye Link to Private Contractor in Massive Government Hack". ABC News. Retrieved 2016-03-02.
  7. ^ Levine, Mike (2015-06-24). "Contractor Linked to OPM Hack Says 'Not Responsible,' As Questions Persist". ABC News.
  8. ^ Lyngaas, Sean (2016-02-18). "IG details OPM contractor's security flaws". FCW. Retrieved 2016-03-02.