The Navy violated contracting regulations, misrepresented security costs and has failed to follow Defense Department security procedures in the service controls access to its installations, according to a Pentagon Inspector General (IG) report released this week in the wake of the Sept. 16 fatal shootings at the U.S. Navy Yard in Washington.

“(The) Navy Commercial Access Control System (Ncacs) … did not effectively mitigate access control risks associated with contractor installation access,” says the report, “Navy Commercial Access Control System Did Not Effectively Mitigate Access Control Risks,” which was also dated Sept. 16 and initially slated “for official use only” release.

The failure occurred, IG says, “because commander, Navy Installations Command (Cnic) officials attempted to reduce access control costs. As a result, 52 convicted felons received routine, unauthorized installation access, placing military personnel, dependents, civilians and installations at an increased security risk. Additionally, the Cnic N3 antiterrorism officer (N3AT) misrepresented Ncacs costs. This occurred because Cnic N3AT did not perform a comprehensive business-case analysis and issued policy that prevented transparent cost accounting of Ncacs. As a result, the Navy cannot account for actual Ncacs costs, and DOD (Defense Department) components located on Navy installations may be inadvertently absorbing Ncacs costs.”

Lacked oversight

Furthermore, IG reports, “Cnic N3AT officials and the Naval District Washington Chief Information Officer circumvented competitive contracting requirements to implement Ncacs. This occurred because Cnic N3AT did not have contracting authority. As a result, Cnic N3AT spent over $1.1 million in disallowable costs and lacked oversight of, and diminished legal recourse against, the Ncacs provider.”

IG recommends Cnic replace the current Rapidgate security system with a system that “uses the mandatory databases and revise Cnic policy and guidance to align with federal and Pentagon credentializing requirements.”

IG also recommends Cnic establish a process to identify and provide commanders with resources and capabilities to access required authoritative databases.

Additionally IG recommends the director, Shore Readiness and deputy, chief of naval operations – Fleet Readiness and Logistics – obtain an independent, comprehensive business-case analysis of Ncacs and determine future actions for contractor installation access.

Corrective action plan

IG also recommends a review be made of Cnic N3AT officials for possible administrative actions, if appropriate.

Finally, IG recommends the assistant secretary of the Navy for Research, Development and Acquisition review appropriate contracting practices and establish a corrective action plan.

The IG notes the Navy plans to take actions in line with some of the recommendations included in the report, such as improving security measures and better aligning the way it provides credentials with overall Defense Department procedures.

“The DoD IG report released Sept. 16 is focused on the Navy Commercial Access Control System (Ncacs), which provides for base access privileges of vendors, contractors, suppliers, and service providers. Contractors who need continued, enduring access to government facilities and information systems are typically issued Common Access Cards (CACs) and are not vetted through NCACS,” a Navy official says.

“Since 2012, the Navy has been working with DOD IG to support their review of the Ncacs,” the official says. “The Navy is reviewing the final report and its recommendations.”