Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Future of Government Data Centers
- The Future of IT: How CIOs Can Enable the Service-Oriented Enterprise
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Mitigating Insider Threats in Virtual & Cloud Environments
- Modern Mission Critical Series
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
- Air Traffic Management Transformation Report
- Cloud First Report
- General Dynamics IT Enterprise Center
- Gov Cloud Minute
- Government in Technology Series
- Homeland Security Cybersecurity Market Report
- National Cybersecurity Awareness Month
- Technology Insights
- The Cyber Security Report
- The Next Generation Cyber Security Experts
Shows & Panels
IG cites major flaws with Navy's vetting of contractors
Tuesday - 9/17/2013, 6:31pm EDT
The Navy Commercial Access Control System (NCACS) used a system known as Rapidgate — developed by a company called Eid Passport — to conduct background checks and manufacture security credentials for certain contractor personnel requiring access to Navy installations. However, the Defense Department Inspector General found the system failed to comply with federal standards and the background checks were conducted using only publicly accessible databases.
The security of Navy installations was thrown into the spotlight Monday after 34- year-old contractor Aaron Alexis entered the Washington Navy Yard Monday morning where he shot and killed 12 people before he died in an exchange of gunfire with police. An Associated Press report, however, indicates that Alexis, a Navy veteran, had a higher-level "secret" clearance, and the system criticized by the DoD IG's office was not used to evaluate him.
Still, the internal report found issues with the system — including ineffective background checks — put Navy personnel, civilians and other contractors "at an increased security risk."
Under federal guidelines, government employees and contractors who require routine physical access to military installations for more than six months are required to undergo a comprehensive background investigation and be issued what's known as a Personal Identity Verification (PIV) credential.
However, Navy officials decided to issue PIV credentials only to those contractors requiring both physical access to Navy bases as well as access to Navy IT networks. Other contractors were eligible for the Rapidgate system.
The IG recommended the commander of Navy Installations Command discontinue the use of the Rapidgate system because of its reliance on public records to vet contractors.
"The results of the checks were subject to the reliability of the public records searched, which were not always up-to-date," the IG's report stated.
That allowed 52 convicted felons access to Navy installations for between 62 and more than 1,000 days. For example, one contractor employee, who was issued a Rapidgate credential in June 2009, had "unescorted access" to a base for 1,035 days before a renewal check in April 2012 turned up a felony conviction for conspiracy to distribute cocaine" dating to 2000.
The Navy, however, disagreed with the IG's recommendation, stating that the Navy's current system meets federal standards. Discontinuing the current system would also mean "long lines at Navy access points, resulting in productivity loss for contractors doing business on Navy installations, and would require hiring additional civil servants to work in base pass offices," according to Navy comments included in the IG report.
The watchdog report also raises several questions about the contracting practices surrounding the Rapidgate system. Navy officials, including the Commander of the Navy Installations Command's chief information officer and the director of the command's anti-terrorism office, failed to properly account for the system's costs and sidestepped competitive contracting requirements. The report revealed that the company behind the Rapidgate system, Eid Passport, has been providing services to the Navy since November 2012 without a contract.