In the aftermath of the NAVSEA (Naval Sea Systems Command) shooting last month, the Department of Defense is looking into its procedures for granting access to military installations to contractor personnel. This study will encompass both physical access and logical access (i.e. computer systems). "There are a ton of contractors running around military installations these days and its often difficult to distinguish them from civilian employees".
DoD has initiated a review of the procedures in place to allow through contract actions, logical and physical access by DoD contractors to its facilities and information technology systems. It is the Department's intent to ensure that DFARS (DoD FAR Supplement) and other guidance and information, adequately address and communicate the processes and controls required to secure its systems and facilities to both contractors and DoD representatives.
DoD is requiring every department that issues contracts, to submit the full text of all solicitation provisions and contract clauses that they currently include in their organization's solicitations and awards to address the procedures used to allow DoD contractors physical access to DoD facilities and logical access to DoD information technology systems. The Department will use this information to develop a framework for common language that can be used and implemented throughout DoD.
One of the biggest concerns, we were told, is the inability to recover access credentials (e.g. badges or CAC cards) from contractor personnel who no longer require access because their work was completed, the contract ended, or the employee was terminated or resigned. That weakness potentially allows unauthorized individuals access to Government facilities.
Contractors need to consider the cost associated with gaining access to Government facilities when preparing cost proposals. Its not usually an insignificant cost.