FAQs for GRS 5.6, Security Management Records
Download all Frequently Asked Questions of Individual GRS Schedules in a PDF
1. What are the definitions of Federal law enforcement and Federal correctional activities in the context of the GRS?
We developed the framework for the current GRS using the Federal Enterprise Architecture Business Reference Model taxonomy (FEA BRM) (2013). The FEA BRM distinguishes between Federal law enforcement activities, Federal correctional activities, and security management activities.
Federal law enforcement activities include the following:
- Border and transportation security
- Fugitive and criminal apprehension
- Criminal investigation and surveillance
- Crime prevention
- Leadership protection
- Substance control enforcement
- Immigration and naturalization
- Criminal and terrorist threat mitigation
- Criminal management
- Executing court orders
- Witness protection
Federal correctional activities include incarceration, supervision, parole, and rehabilitation of federal prisoners.
This schedule excludes records that are related to the mission activities listed above. Agencies that conduct law enforcement or correctional activities as part of their mission, such as the Federal Bureau of Investigation, Bureau of Prisons, and Immigration and Customs Enforcement, among others, cannot apply this GRS to records related to these activities. However, such agencies should use this GRS for records they create and maintain about their facility and personnel security management activities, which are agency operational activities. This does not include security activities related to operating prison, jail, or detention facilities (which fall under the list above), even if those records are similar to security management records for the agency’s facilities and personnel.
2. What is a Facility Security Level?
A Facility Security Level (FSL) is an estimation of the level of risk at a facility. See The Risk Management Process for Federal Facilities: An Interagency Security Committee Standard (August 2013, 1st Edition).
QUESTIONS RELATED TO GRS 5.6, ITEMS 060 and 061
3. What is the significance of the $500 over/under threshold amounts identified in the item titles?
Unclaimed personal property becomes the property of the Government 30 days after being found. Agencies must keep documentation of personal property valued over $500 for an additional three years from the date that title to the property vests in the Government to allow time for the former owner to file a claim.
QUESTION RELATED TO GRS 5.6, ITEM 140
4. What is a “TEMPEST Checklist”?
A TEMPEST Checklist is a form agencies use to ensure they meet certain security requirements. TEMPEST refers to investigating, studying, and controlling compromising emanations from telecommunications and automated information systems equipment (DoDM 5105.21-V2, October 19, 2012, page 41).
QUESTIONS RELATED TO GRS 5.6, ITEMS 170 and 171
5. What is the difference between items 170 and 171?
The difference is that item 171 covers investigations your agency conducts under authority delegated from the Office of Personnel Management (OPM) or similar organization, and item 170 covers investigations another agency conducts for your agency. Item 171 provides disposition authority for records created by agencies holding delegated authority. All other agencies should use item 170.
6. How do I know if my agency has “delegated investigative authority”?
Contact your agency’s personnel security office. They should also know the agreed-upon retention period for the investigation reports.
QUESTION RELATED TO GRS 5.6, ITEMS 210 THROUGH 240
7. What is an insider threat?
An insider threat is the potential that an employee, contractor, or other person with authorized access to a Federal agency “will use his/her authorized access, wittingly or unwittingly, to do harm to the security of the United States. This threat can include damage to the United States through violent acts, espionage, terrorism, unauthorized disclosure of national security information, or through the loss, denial or degradation of departmental resources or capabilities” (Defense Security Service Regulation, Number 05-06, January 30, 2014, page 14).
QUESTION RELATED TO GRS 5.6, ITEM 230
8. Twenty-five years is too long for my agency to keep insider threat information. How do we request a shorter retention period?
Your agency is welcome to submit an agency-specific records schedule following its normal procedure. The schedule should include a justification for deviating from the GRS. Since the GRS establishes a legal minimum retention period for similar records across the Government, your agency’s general counsel needs to review and approve any agency-specific schedule requesting to keep the records for a shorter time than the 25-year threshold.
QUESTIONS RELATED TO GRS 5.6, ITEMS 230 and 240
9. What is the difference between item 230 and 240?
Item 230, Insider threat information, covers the insider threat program routine data collection, which is sometimes referred to as a “hub.” An agency’s data collection is an aggregation of records used for trend analysis. Most of these records are not unique, but are copies of other records.
Item 240, Insider threat user activity monitoring (UAM) data only exists for national security systems. It collects network data about users of national security systems to support detection of behavioral patterns and relationships with other insider threats.