Objective
We determined whether the Navy Commercial
Access Control System (NCACS) was mitigating
access control risks for Navy installations.
Findings
NCACS did not effectively mitigate access control
risks associated with contractor installation
access. This occurred because Commander,
Navy Installations Command (CNIC) officials
attempted to reduce access control costs. As
a result, 52 convicted felons received routine,
unauthorized installation access, placing
military personnel, dependents, civilians, and
installations at an increased security risk.
Additionally, the CNIC N3 Antiterrorism office
(N3AT) misrepresented NCACS costs. This
occurred because CNIC N3AT did not perform
a comprehensive business case analysis and
issued policy that prevented transparent cost
accounting of NCACS. As a result, the Navy
cannot account for actual NCACS costs, and
DoD Components located on Navy installations
may be inadvertently absorbing NCACS costs.
Furthermore, CNIC N3AT officials and the
Naval District Washington Chief Information
Officer circumvented competitive contracting
requirements to implement NCACS. This
occurred because CNIC N3AT did not have
contracting authority. As a result, CNIC N3AT
spent over $1.1 million in disallowable costs
and lacked oversight of, and diminished legal
recourse against, the NCACS service provider.
Recommendations
We recommend CNIC replace Rapidgate with a system that uses the
mandatory databases and revise CNIC policy and guidance to align
with Federal and DoD credentialing requirements. Furthermore,
we recommend CNIC establish a process to identify and provide
commanders with resources and capabilities to access required
authoritative databases.
Additionally, we recommend the Director, Shore Readiness, Deputy
Chief of Naval Operations (Fleet Readiness and Logistics), obtain an
independent, comprehensive business case analysis of NCACS and
determine future actions for contractor installation access. We also
recommend the Director perform a review of CNIC N3AT officials and
consider administrative actions, if appropriate. We also recommend
the Assistant Secretary of the Navy (Research, Development, and
Acquisition), review the inappropriate contracting practices and
establish a corrective action plan.
Comments
Comments submitted for CNIC were nonresponsive regarding the
recommendations to replace Rapidgate with a system that uses the
mandatory databases, revise CNIC policy, and provide installations
with resources to access the mandatory databases. The Director,
Shore Readiness, Deputy Chief of Naval Operations (Fleet Readiness
and Logistics), comments were generally responsive. However, the
Director’s comments were partially responsive regarding the review
of CNIC N3AT officials. Comments submitted for the Assistant
Secretary of the Navy (Research, Development, and Acquisition)
were responsive. We request management provide additional
comments by October 18, 2013. See the Recommendations Table
on the back of this page.
This report is a result of Project No. D2013-D000LC-0008.000.