The Department of Defense Inspector General reported the conclusion in an audit begun in September 2012 and released Tuesday.
The Navy Commercial Access Control System, or NCACS, "did not effectively mitigate access-control risks associated with contractor-installation access" at Navy installations, the report said. "This occurred because Commander, Navy Installations Command [CNIC] officials attempted to reduce access control costs."
The inspector general's report concluded 52 convicted felons "received routine unauthorized installation access, placing military personnel, dependents, civilians and installations at an increased security risk."
The report accused the CNIC N3 anti-terrorism office of misrepresenting NCACS costs by failing to perform "a comprehensive business case analysis" and issuing policy "that prevented transparent cost accounting of NCACS."
The report recommended installation of new systems to regulate access to Navy facilities, and that the Navy "review the inappropriate contracting practices and establish a corrective action plan."
The report, previously classified as "for official use only" was made public Tuesday -- one day after 13 people, including an alleged attacker identified as an employee of a contractor, were shot and killed in a massacre at the Navy Yard.