Internal Review of the Washington Navy Yard Shooting: A Report to the Secretary of Defense [open pdf - 2MB]
"At the time of the shooting, Aaron Alexis was a vetted member of the U.S. Navy Individual Ready Reserve and a defense contractor employee cleared to the Secret level. He was authorized access to the Washington Navy Yard and to Building 197 through the use of his DoD Common Access Card (CAC) and valid building pass. The Internal Review Team found the Washington Navy Yard was in general compliance with DoD installation access policies, although random vehicle or bag inspections were not conducted in accordance with DoD policy. There is no way to know, however, whether more frequent inspections might have given law enforcement personnel the opportunity to discover the weapon Alexis carried onto the installation and neutralize or minimize the immediate threat. […] The Internal Review Team identified several vulnerabilities that may have alerted the Department to the potential threat before the incident occurred. The team's significant findings, summarized below, are detailed in section 7 of this report:  The Office of Personnel Management (OPM) background investigation was missing critical information.  The Navy granted Alexis a Secret security clearance with specified conditions, but there was no oversight mechanism in place to ensure compliance.  Alexis' Navy command did not report in the security system of record multiple incidents of adverse information during Alexis' active duty service.  Alexis' employer, The Experts, Inc., had no insight into Alexis' chronic personal conduct issues during his Navy service when they hired him and placed him in a position that required access to classified information.  Alexis' employer did not report behaviors indicating psychological instability and did not seek assistance from a mental health professional or guidance from the Defense Security Service.  Although the Review found no direct ties to gaps in physical security practice and the actual events of September 16, planned cuts in physical security and vulnerability assessments funding and an overall lack of compliance with installation access control policy are likely to leave the Department vulnerable to threats to mission assurance."
U.S. Department of Defense: http://www.defense.gov/