recommended reading

Procurement Sleight of Hand Gave Contractors Access to Naval Bases

A member of the Navy checks vehicles at a gate to the Washington Navy Yard.

A member of the Navy checks vehicles at a gate to the Washington Navy Yard. // Jacquelyn Martin/AP

This story has been updated throughout with detail.

The Navy Installations Command reached outside normal competitive channels to procure a flawed and risky commercial access control system that has allowed 65,000 contractors to routinely access its bases. The procurement process involved purchases on government credit cards 51 cents below the $2,500 maximum allowed, the Defense Department Inspector General said in a report released this week.

The Installations Command used a contract for a Navywide perimeter monitoring system run by the Naval Surface Warfare Center in Panama City, Fla., as the umbrella contract for the Navy commercial access control system, or NCACS, in 49 states and the Mariana Islands.  The command also tapped a contract for sensor systems run by the Naval Surface Warfare Center in Port Hueneme, Calif., to buy $9.9 million worth of handheld barcode scanners to check IDs at bases as part of the NCACS project, the IG reported.

The report also made it clear that the Installations Command outsourced base credentialing and background checks to a private contractor in order to save money.

In July 2010, the Installation Command selected the Rapidgate system developed by Eid Passport of Hillsboro, Ore., to vet contractor employees who needed routine base access for up to a year in place of the more secure Defense Department common access card issued to Aaron Alexis, an employee of a Hewlett-Packard Corp. subcontractor who killed 12 people at the Washington Navy Yard Monday.

The Rapidgate system consists of a registration station that takes a photo of the contractor and scans fingerprints, and a Web interface for submission of personnel information.

Eid Passport then uses a third party vendor to conduct a public records check, and when that is completed, issues a permanent ID badge, which a gate guard verifies with a handheld barcode scanner. The IG said that until that process is completed, contractor employees can receive temporary pass for 28 days.

The IG reported that flaws in the Rapidgate vetting process allowed 52 convicted felons to receive access to Navy installations ranging from 62 to 1,035 days, a lapse that “placed military personnel, dependents, civilians and installations at an unacceptable level of safety and security risks.”

Eid Passport sells its system on a subscription basis -- $159 for one employee to access a single base and $199 for multiple bases -- and the Installations Command, which does not have contracting authority, took advantage of this to procure seven subscriptions in April 2010 on a government purchase card through the General Services Administration.

The total price for those seven subscriptions came to $3,059; the IG said the Installations Command requested a price change authorization that resulted in a cost of $2,449.49, 51 cents below the Navy’s micro-purchase threshold.

To acquire NCACS for installations in the continental United States, Hawaii and the Marianas, in October 2011 the Installation Command directed 3e Technologies International of Rockville, Md., part of Ultra Electronics, to purchase eight Rapidgate subscriptions from Eid Passport under a contract run by the Naval Surface Warfare Center for a servicewide perimeter monitoring system, which would not include Rapidgate. Panama City contracting personnel were unaware of the Rapidgate subcontract, the IG said.

On Sept. 27, 2012, 3eTI subcontracted with Eid Passport for proprietary Rapidgate handheld scanners at the direction of the Naval District Washington Chief Information Officer through a contract with the Naval Surface Warfare Center in Port Hueneme for design, development, integration and testing of the critical infrastructure network.

The Port Hueneme contract did not cover the purchase of handheld scanners and the Port Hueneme contracting officer was unaware of the subcontract that the IG said was an “unauthorized commitment for out-of-scope work that would require use of competitive contracting procedures or a justification and approval for sole source.”

The Installations Command circumvented competitive contracting requirements in its acquisition of NCACS, the IG concluded.  In May 2012, the command issued a “sources sought” notice for vendors interested in a new phase of NCACS, but the notice stated no contract would be issued.

Eid Passport and Intellicheck/Mobilisa, a Port Townsend, Wash., company that supplies an access control system to the Army responded to the notice. Despite the fact that previous statements of work said Eid Passport vetted contractors against unreliable databases, the Installations Command determined only Eid Passport met its requirements and selected the company to continue work on NCACS.

The Installations Command pitched Rapidgate as a low-cost way to vet and provide IDs for contractors who do not require a CAC cards – such as delivery personnel – and estimated it would save $295 million over five years, as contractors would absorb the costs of the system, including subscription fees, with vetting and infrastructure outsourced to Eid Passport.

Contractors, meanwhile, planned to pass the costs of Rapidgate back to the Navy, with one Joint Strike Fighter contractor planning to add $1 million a year to its bill every year for five years to cover the costs of NCACS.

The IG said 9,657 companies with a total of 64,924 employees were enrolled in NCACS as of November 2011 and estimated Eid Passport took in $53 million a year that could be charged back to the Navy by contractors.  An analysis done by the Naval Supply Systems Command determined NCACS could potentially cost ten times more over ten years, the IG said.

The IG report concluded that “Rapidgate, did not effectively mitigate access control risks, and did so at a potentially exorbitant price to the Navy.” The IG also concluded that the command “took extraordinary measures to ensure the program continued to operate without contracting authority.”  The IG recommended that the command replace Rapidgate with a system that uses databases, such as the FBI’s National Crime Information Center, to vet contractor personnel.

The Installation Command in its Aug. 1 reply to the IG -- written six weeks before the Navy Yard attack -- said NCACS security checks “meet or exceed federal and DoD requirements for background vetting.”  The command added, “Discontinuing a successful system that has facilitated over 14,000,000 safe and secure visits will ensure there are unnecessarily long waiting lines at gates and access points . . . including some of our largest bases.”

Lt. Caroline Hutcheson, a Navy spokeswoman, said the service is in the process of reviewing the final report and its recommendations.

Sen. Claire McCaskill, D-Mo., said that based on her review of the IG report, NCACS “wasted money, allowed dozens of felons access to installations they should never have had, and utterly lacked competent oversight." She added, "It's clear that its existence constitutes an unnecessary danger to the Navy and its personnel, and it should be discontinued immediately.”

In a letter sent Tuesday to Navy Secretary Ray Mabus, McCaskill called out the service for allowing Eid Passport to conduct checks, despite its history of referring to unreliable databases and failing to include certain government databases.

She said the Navy Yard shooting “highlights the importance of complete, thorough background investigations of the contractors and subcontractors granted access to Navy installations” and asked for a briefing on contractor access to Navy installations on or before Friday, Sept. 27. 

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Modernizing IT for Mission Success

    Surveying Federal and Defense Leaders on Priorities and Challenges at the Tactical Edge

  • Communicating Innovation in Federal Government

    Federal Government spending on ‘obsolete technology’ continues to increase. Supporting the twin pillars of improved digital service delivery for citizens on the one hand, and the increasingly optimized and flexible working practices for federal employees on the other, are neither easy nor inexpensive tasks. This whitepaper explores how federal agencies can leverage the value of existing agency technology assets while offering IT leaders the ability to implement the kind of employee productivity, citizen service improvements and security demanded by federal oversight.

  • Effective Ransomware Response

    This whitepaper provides an overview and understanding of ransomware and how to successfully combat it.

  • Forecasting Cloud's Future

    Conversations with Federal, State, and Local Technology Leaders on Cloud-Driven Digital Transformation

  • IT Transformation Trends: Flash Storage as a Strategic IT Asset

    MIT Technology Review: Flash Storage As a Strategic IT Asset For the first time in decades, IT leaders now consider all-flash storage as a strategic IT asset. IT has become a new operating model that enables self-service with high performance, density and resiliency. It also offers the self-service agility of the public cloud combined with the security, performance, and cost-effectiveness of a private cloud. Download this MIT Technology Review paper to learn more about how all-flash storage is transforming the data center.


When you download a report, your information may be shared with the underwriters of that document.