Reference Library

DoD's Basic Research and Research Directorate portal providing access to fundamental research policies, the decision matrix, Section 1286 lists, and research security guidance for defense-funded research.

AAMC's portal for research security resources, providing guidance and advocacy materials on research security and foreign influence at U.S. academic institutions.

For applicants, recipients, and subrecipients that are required to submit transparency of foreign connections disclosures, DOE provides this format for the convenience of the entity providing the disclosure and certification; however, the entity is not required to use this specific format. If another format is used, the signatory must include the same substantive information, a signature, date, and the certification statement provided in Section 3 of the document.

The Federal Demonstration Partnership homepage, a cooperative initiative among federal agencies and institutional recipients of federal funds working to streamline the administration of federally sponsored research.

The ODNI research security portal providing resources, threat briefings, and guidance for the academic research community on protecting research from foreign intelligence threats.

NSF's research security portal providing access to policies, forms, training resources, and guidance related to research security at the National Science Foundation.

COGR's homepage providing access to research security resources, matrices, quick reference tables, and policy analysis for research institutions navigating federal research security requirements.

NIH's research security portal providing access to notices, policies, decision matrices, and resources related to identifying and addressing foreign interference in NIH-funded research.

The APLU homepage providing access to research security resources and advocacy materials from the Association of Public and Land-Grant Universities.

The AAU homepage providing access to research security resources, policy statements, and advocacy materials from the Association of American Universities.

The G7 research security portal providing resources and coordination among G7 member nations (Canada, France, Germany, Italy, Japan, United Kingdom, and United States) on research security best practices and policies.

Direct link to COGR's Quick Reference Table of Current & Upcoming Federal Research Security Requirements.

Direct link to COGR's Matrix of Science & Security Laws, Regulations, and Policies.

DOE's Research, Technology & Economic Security (RTES) portal providing access to policies, frameworks, and resources for managing research security risks in DOE-funded research.

A matrix that lists policies and requirements under the headings of: Disclosures, Agency Risk Assessment, FCOI & COC, Training, Certifications, and Research Security Program for each federal agency. Per COGR, this tool is frequently updated to reflect the release of new documentation. Updated September 30, 2025.

A chart that compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy, (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. Updated September 30, 2025.

In a September 29, 2025, notice (NOT-OD-25-161), the National Institutes of Health (NIH) rescinded the September 11, 2025, notice (NOT-OD-25-154) Implementation of NIH Research Security Policies. Per the notice, 'NIH continues to work with the National Science Foundation and other Federal research agencies to finalize guidance on each of the required elements outlined in the Office of Science and Technology Policy (OSTP) Guidelines for Research Security Programs at Covered Institutions, and to develop a centralized process for recipients to certify compliance.' The notice indicates that the implementation date for the requirements announced in NOT-OD-25-154 have not been finalized, the notice is therefore rescinded, and that 'NIH will issue updated guidance on Research Security requirements in the coming months.'

Issued September 24, 2025, and effective October 24, 2025, NIH implemented NOT-OD-25-160, a policy to enhance security for human biospecimens in NIH-funded research.

On September 24, 2025, and effective immediately, NIH issued NOT-OD-25-159, establishing new security, operational, and transparency standards for controlled-access data repositories (CADRs) that store and manage sensitive human research data.

On September 18, 2025, NIH released additional information regarding the agency's new application and award structure for international collaborations, previously announced in NIH NOT-OD-25-155. In addition to summarizing impacts to proposing/recipient institutions, the announcement provides links to additional information for the four new Activity Codes (grant types) that will be used to facilitate the new application and award process.

Issued September 12, 2025, this notice provides additional information on the agency's new process for handling foreign components, as NIH announced in NOT-OD-25-104 that the agency would not issue awards for proposals that include subawards to foreign entities. Under the process described in NOT-OD-25-155, competing applications that include one or more foreign components must submit to a Notice of Funding Opportunity (NOFO) that supports a complex mechanism activity code, including two new international project 'parent' activity codes that NIH is creating: PF5 for grants and UF5 for cooperative agreements.

In the September 10, 2025, Federal Register, the Department of Defense (DoD) issued a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification (CMMC) program rule. The new rule formalizes the ability of the DoD to include CMMC requirements as a condition of contract award, to include either Federal Contract Information (FCI), Controlled Unclassified Information (CUI), or both.

On September 4, 2025, NIH issued notice NOT-OD-25-152, regarding the agency's plans to release preview versions of NIH's Common Forms for Biographical Sketches (Biosketches) and Current and Pending (Other) Support in the Science Experts Network Curriculum Vitae (SciENcv) system. Access to the preview versions is purely for informational purposes and applicants/recipients may not submit documents to NIH that were created using the preview functionality. Applicants/recipients must continue to use the current NIH Biosketch and Other Support forms until NIH officially implements its Common Forms, which the agency anticipates will occur in November 2025. The fall 2025 government shutdown may impact this timeline.

The National Academies Assessing Research Security Efforts in Higher Education working group held a number of meetings and a May workshop with federal and non-federal experts beginning September 2024 and concluding September 4, 2025, to discuss assessment of federal research security efforts. Proceedings from the workshop can be found on the National Academies website.

Published September 3, 2025, a National Academies Committee conducted an expedited study to examine federal research regulations and identify ways to improve regulatory processes and administrative tasks, reduce or eliminate unnecessary work, and modify and remove policies and regulations that have outlived their purpose while maintaining necessary and appropriate integrity, accountability, and oversight. Research security specific options include: implement the NSPM-33 common disclosure forms and disclosure table without deviation; establish common principles for agency research security risk reviews for fundamental research; continue prior efforts to streamline and clarify export controls; and adapt cybersecurity requirements for university settings.