FAQs for GRS 5.6, Security Records
Download all Frequently Asked Questions of Individual GRS Schedules in a PDF
1. What is a Facility Security Level?
A Facility Security Level (FSL) is an estimation of the level of risk at a facility. See The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (August 2013, 1st Edition).
QUESTION RELATED TO ITEMS 060 and 061
2. What is the significance of the $500 over/under threshold amounts identified in the item titles?
Unclaimed personal property becomes the property of the Government 30 days after being found. Documentation of personal property valued over $500 must be kept for an additional 3 years from the date that title to the property vests in the Government to allow time for the former owner to file a claim.
QUESTION RELATED TO ITEM 070
3. Why are the Interagency Security Committee member records retained for 10 years?
The Department of Homeland Security’s Interagency Security Committee recommends a minimum retention period of 10 years for these records, as stated in Facility Security Committees: An Interagency Security Committee Standard (January 1, 2012, 2nd Edition), page 22.
QUESTION RELATED TO ITEM 140
4. What is a “TEMPEST Checklist”?
A TEMPEST Checklist is a form used to meet certain security requirements. TEMPEST refers to the investigation, study and control of compromising emanations from telecommunications and automated information system equipment (DoDM 5105.21-V2, October 19, 2012, page 41).
QUESTION RELATED TO ITEMS 170 and 171
5. What is the difference between items 170 and 171? How do I know if my agency has “delegated investigative authority”?
The difference is whether an agency relies on another agency to conduct investigations (item 170) or conducts its own investigations under authority delegated from the Office of Personnel Management (OPM) or similar organization (item 171). Your agency’s personnel security office can tell you your agency’s delegated authority status and the agreed-upon retention period for the investigation reports. Item 171 provides disposition authority for records created by those agencies holding delegated authority. Item 170 should be used by all other agencies.
QUESTION RELATED TO ITEMS 210 THROUGH 240
6. What is an insider threat?
An insider threat is the potential that an employee, contractor, or other person with authorized access to a Federal agency “will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through violent acts, espionage, terrorism, unauthorized disclosure of national security information, or through the loss, denial or degradation of departmental resources or capabilities” (Defense Security Service Regulation, Number 05-06, January 30, 2014, page 14).
QUESTIONS RELATED TO ITEM 230
7. Some of the documents included under this item have shorter retention periods as personnel records under various items in GRS 2.2, 2.3, and 2.4. . Which takes precedence: other GRS items with shorter retention periods or the GRS 5.6, 25-year retention period required in item 230?
Item 230 covers copies of certain Human Resources (HR) records collected by an insider threat program for a unique business purpose. The original records held by the HR office remain scheduled under other GRS schedules. Copies of the same record may be retained by different offices for different time periods. Each copy documents a separate business function.
8. Twenty-five years is too long for my agency to keep insider threat information. How do we request a shorter retention period?
Your agency is welcome to submit an agency-specific records schedule following its normal procedure. The schedule should include a justification for deviating from the GRS. Since the GRS establishes a legal minimum retention period for similar records across the Government, we request your agency’s general counsel sign off on any agency-specific schedule requesting to keep records beneath the 25-year threshold.