The Senate Committee on Homeland Security and Governmental Affairs grilled acting Office of Personnel Management director Beth Cobert for more than two hours on Feb. 4 in a confirmation hearing to decide whether to make her job permanent.
Senators questioned Cobert over a litany of issues, from last summer's data breach to federal employee morale, but prominent issues rose to the surface, providing some insight into OPM operations.
Here's a look at the top five:
1. The OPM data breach
It wouldn't be a hearing on OPM without addressing the massive cyber breach that has affected 21.5 million federal employees and dependents.
The committee visited the topic multiple times over the hearing, with Cobert providing some updates, reiterating the agency's push to provide employee credit protection and improve its IT structure.
But Sen. Rob Portman, R-Ohio, chose to focus on the national security implications of the breach, asking Cobert about how the agency has addressed protections on that front.
"Since the time of the breach, we at OPM have been working very closely with the intelligence community," Cobert said. "The [National Counterintelligence and Security Center], the part of the [Director of National Intelligence] that works on this, has put out materials to guide individuals on how to think about what these risks are."
Cobert said that OPM continues to follow the lead of the intelligence community and law enforcement as part of an "ongoing partnership" to provide affected employees with information related national security risks as part of the breach.
Portman also asked about the biometric data stolen, such as fingerprints, to which Cobert said an interagency team has been examining the impact of the stolen biometric data, an effort she said was ongoing.
2. The Chaffetz subpoena
House Oversight committee chair Rep. Jason Chaffetz, R-Utah, made waves on Feb. 3 by issuing a subpoena of OPM for documents related to the breach. Chaffetz said in a statement that the agency was not cooperating with the committee's request for information.
Sen. James Lankford, R-Okla., and committee chair Sen Ron Johnson, R-Wisc., asked Cobert about the source of Chaffetz's complaint and why the agency was unable to fulfill the request.
The OPM director said she hadn't been able to examine the specifics of the subpoena, which Johnson said revolved around who first discovered the breach, security firm CyTech or OPM itself.
Cobert said the agency had offered Chaffetz an in-camera review of documents out of increased security concerns within the agency, but it has been working with the committee to get them the information.
"We've been doing that in some cases because we have been very concerned, given the past experience at OPM, about security issues related to our systems," she said. "We are very cautious about our documents internally and everywhere else."
Johnson also addressed Sen. David Vitter's, R-La., threat to hold up Cobert's nomination over OPM's delay on providing him documents about the agency's guidance to enroll congressional staff in the D.C. Small Business Health Option Program for healthcare coverage.
Cobert said the decision to include staff in the small business exchange happened before her time.
3. Inspector general recommendations
Senators also asked Cobert about OPM inspector general Patrick McFarland's recommendations to the agency that had gone unfulfilled.
Sen. Kelly Ayotte, R-NH, said McFarland had identified three core deficiencies with OPM's IT security—security governance, IT systems operating without valid authorization and concerns over technical security controls—and asked Cobert where the agency was in implementing those.
Cobert said OPM was methodically addressing the IG's report, as well as from other agencies, like US-CERT, who is also advising IT improvements.
"We have a process of working our way through each of those specific recommendations," she said. "We have put in place changes around IT security governance, including the creation of a new chief of a new information security officer position.
"We are working through the specifics of those authorizations and have a team in place to work through those in a prioritized way, starting with the high-value assets."
Cobert said OPM had been able to close some Federal Information Security Management Act recommendations and would continue to work on others.
4. The NBIB
OPM announced in late January that it was forming a new office to handle all background investigations for federal agencies called the National Background Investigations Bureau.
Senators repeatedly asked Cobert how the new agency, which will absorb the current Federal Investigative Service, will be able to better handle the backlog of investigations and security.
Cobert said that DoD would handle IT security for the NBIB, improving information protection, while working with developing new models for investigations.
Lankford pressed Cobert on whether the NBIB would use the federal workforce to handle investigations or continue to use contractors, who were susceptible in the data breach.
"We are going to continue to have a balance between the two," she said. "Because some of the ways this work actually plays out in the field, the most effective way to do it is to have contractors, because demand is variable."
5. The workforce
The most layered and frequent inquiry revolved around how Cobert would manage the workforce, including employee engagement and millennial recruitment, accountability and program management.
Cobert said recent SES reform provided both incentives for executive and accountability measures to address breakdowns in the past, like the problems at the VA.
In improving engagement, the director pointed to metrics improvements with the Federal Employee Viewpoint Survey and Unlocktalent.gov.
Senators also pushed for Cobert to improve USAjobs.gov, which has a reputation for complexity for applicants.
"My sense is there is still a lot of bad customer experience there," Portman said.
Cobert said OPM had a "series of enhancements" to the website that would roll out throughout 2016.
"I would say that we are in the middle of the process of improving that customer experience," she said. "We've made some changes, but we are not where we need to be."