A Government Accountability Office (GAO) review has concluded that the Department of Defense (DOD) is unaware of the extent to which physical access control systems (PACS) are used at its installations because the Army, Navy, and Marine Corps have not monitored their use at more than 100 sites.
In November 2009, an Army officer shot 45 people at Fort Hood, Texas. Four years later, a Navy contractor shot 16 people at the Navy Yard in Washington, D.C. As a result, DOD increasingly uses PACS to screen people who want to enter military installations. The systems scan credentials and check them against FBI and other government databases.
DOD has issued guidance on accessing its domestic installations and strengthening PACS. The department has recently issued guidance directing the fielding of PACS and has fielded or plans to field such systems at domestic installations. The Defense Manpower Data Center (DMDC) developed the PACS used by the Air Force, the Navy, the Marine Corps, and the Defense Logistics Agency (DLA). The Army developed its own PACS. Both types of PACS electronically connect to DOD’s Identity Matching Engine for Security and Analysis (IMESA). IMESA accesses authoritative government databases to determine an individual’s fitness for access (i.e., whether an individual is likely a risk to an installation or its occupants), and continually vets this fitness for subsequent visits.
GAO found that the Air Force and DLA have monitored their installations’ use of PACS, but the Army, the Navy, and the Marine Corps have not. Army, Navy, and Marine Corps installation officials told GAO that they do not monitor PACS use at their installations because there is no requirement to do so. However, DOD, Army, Navy, and Marine Corps officials agreed that monitoring installations’ use of PACS would be beneficial and could be readily accomplished without significant cost using existing technology.
GAO’s August 22 report details the Army and DMDC’s tiered approach and notes that they have established helpdesks to address PACS technical issues such as charging and connectivity problems. The Army has also established performance measures and goals to assess its approach, which has improved the ability to resolve technical issues.
The review’s recommendations including monitoring installations’ use of PACS and developing appropriate performance measures and goals for resolving technical issues to improve PACS performance.
DOD concurred and stated that it is currently drafting a manual volume which will outline the overall requirements for implementing the PACS security program including monitoring the use of the systems. It is expected that this will be ready for use in the summer of 2020.