Frequently Asked Questions about GRS 5.6, Security Management Records
Updated: April 2024
1. How are federal law enforcement and federal correctional activities defined for this GRS?
Federal law enforcement and correctional activities are usually mission activities of an agency.
Federal law enforcement activities include:
- Border and transportation security
- Fugitive and criminal apprehension
- Criminal investigation and surveillance
- Crime prevention
- Leadership protection
- Substance control enforcement
- Immigration and naturalization
- Criminal and terrorist threat mitigation Criminal management
- Executing court orders
- Witness protection
Federal correctional activities include incarceration, supervision, parole, and rehabilitation of federal prisoners.
The GRS excludes records related to these mission activities, even if the records are similar. Agencies involved in these activities cannot use the GRS for any records related to law enforcement or corrections. This includes operating prisons, jails, or detention facilities.
All agencies can use the GRS for records related to general security management. Security management involves protecting buildings, sites and personnel. It is a common, administrative function of the government.
2. In item 170, what is the investigating agency instruction regarding disposition of the records?
OPM delegates authority for conducting background investigations to the Defense Counterintelligence and Security Agency (DCSA). DCSA guidance states that agency copies of background investigation records received from DCSA must be destroyed upon employee separation or when an applicant is no longer of interest to the agency.
3. What is the difference between items 170 and 171?
The difference comes from who creates the records. Some agencies have authority to conduct personnel security investigations. OPM or another organization has delegated this authority to them. Item 171 covers these records. Item 170 covers investigations another entity conducts for your agency. If your agency does not conduct personnel security investigations, use item 170.
4. For item 171, how do I know if my agency has “delegated investigative authority”?
Contact your agency’s personnel security office. They should also know how long the records must be kept.
5. What is an insider threat (related to items 210-240)?
An insider threat is the possibility that someone authorized access to a federal agency will do harm to the security of the United States. This threat can include:
- violent acts
- espionage
- terrorism
- unauthorized disclosure of national security information
- the loss, denial or degradation of departmental resources or capabilities
See Defense Security Service Regulation, Number 05-06, January 30, 2014, for more information.
6. What is the difference between insider threat information (item 230) and User Activity Monitoring (UAM) data (item 240)?
Insider threat information is the routine data collected by Insider Threat programs. It is an aggregation of records used for trend analysis. Most of these records are not unique, but are copies of records from other offices or sources.
UAM data is information about system users. Insider Threat Programs use it to find abnormal activity and misuse of government systems. Agencies must collect this data for national security systems. Some agencies collect it for other systems as well.