Reference Library

Published August 4, 2025, this guidance provides background on Fundamental Research (FR) as defined by NSDD-189 and DoD's implementation of the Directive via the May 24, 2010 'Carter Memo'. The Guidance notes that 'under the Carter Memo, research funded by 6.1 budget activity or 6.2 research conducted on a university campus is fundamental. For other research categories, the Department must be deliberate when deciding that a particular research topic is appropriate for openly published fundamental research'. It incorporates Considerations for Program Managers and Contracts and Grants Officers, including: a. Refraining from imposing publication review of research that has been formally designated as fundamental; b. For awards with multiple performers, considering whether some portion of the work should be designated as FR even if much of the award is not; and c. Avoiding flowing down restrictions to awardees performing FR that are inappropriate for FR. In addition, no security vetting should be done on personnel engaged in fundamental research and no preapproval conditions for the addition of researchers.

Issued July 18, 2025 as a follow-up to NOT-OD-25-104. This updated guidance creates an alternative, short-term approach for existing grants and cooperative agreements involving human subjects research (e.g., clinical trials and clinical research) with foreign sites. The alternative approach involves removing a foreign sub-award from the primary award and having it issued as a foreign supplement award.

Effective October 1, 2025, recipient institutions must train senior/key personnel on the requirement to disclose all research activities and affiliations in Other Support and maintain a 'written and enforced policy on requirements for the disclosure of other support to ensure Senior/Key Personnel fully understand their responsibility to disclose.'

Published July 10, 2025. Includes NSF implementation of three new requirements (and three existing ones) in alignment with the CHIPS and Science Act and NSPM-33. The requirements, effective October 10, 2025, include: a. Recipient institutions must maintain supporting documentation for foreign activities reported as current and pending (other) support, b. Senior/key personnel must certify they have completed research security training (RST) within 12 months prior to proposal submission; Recipient institutions' Authorized Organizational Representative (AOR) must certify that all senior/key personnel have completed required RST and that the institution has a plan to provide appropriate training, c. AORs at institutions of higher education (IHEs) must certify that, absent a waiver granted by the NSF Director, the IHE does not maintain a contract or agreement between the institution and a Confucius Institute.

Issued July 8, 2025. This memorandum: a. Requires all USDA Mission Areas, Agencies, and Offices to: i. Within 30 days, conduct a comprehensive review of all current USDA awards/subawards with foreign persons/entities and provide justification as to why a US recipient was not selected, ii. Effective immediately, request approval (including justification) prior to issuing an award/subaward to a foreign person/entity. b. Requires applicants (i.e., covered individuals) to: i. Complete the Common Forms for Biographical Sketches and Current and Pending (Other) Support and provide updated information annually, ii. Certify they are not a participant in a malign foreign talent recruitment program (MFTRP) and recertify annually, iii. Certify that they are not contracting with or providing benefit to any foreign person/entity in a country of concern, iv. Certify that they are not party to utilizing forced labor, v. Complete an annual disclosure of contracts associated with participation in programs sponsored by foreign governments/entities, vi. Seek approval from USDA to subaward any portion of a funded arrangement, including university students, post-doctoral fellows, and visiting researchers. c. Requires Employing Entities to: i. Certify to applicants' completion of research security training, ii. Prohibit applicants who either are currently or have in the past 10 years participated in MFTRPs from working on USDA projects, iii. Provide supporting documentation for foreign activities reported as current and pending support, iv. Review any documents required under the memorandum for compliance with USDA award terms and conditions.

Published by DoD on June 24, 2025, this document introduces the FY23 lists of foreign institutions identified as engaging in problematic activity and foreign talent recruitment programs identified as posing a threat to U.S. national security, as required by Section 1286 of the FY2019 NDAA.

The CHIPS and Science Act of 2022 directs federal research funding agencies to establish a policy that requires each covered individual (CI) listed in an R&D proposal to certify that they are not a party to a MFTRP in the proposal submission and annually thereafter for the duration of the award. NSF was the first federal agency to implement this certification via the common federal biosketch and current and pending support forms in May 2024. NSF began rolling out the annual certification on June 7, 2025, for all PIs and co-PIs named on an NSF award made on or after May 20, 2024. NSF is making sample contracts available that meet the parameters of a MFTRP. Contract examples and frequently asked questions can be found on the NSF website under MFTRPs.

The Congressional Research Service (CRS) issued a report on May 20, 2025, summarizing federal research security policy efforts to date, and providing options Congress might consider to address perceived gaps or deficiencies while also remaining cognizant of the potential increase to administrative burden they would present. Proposed options discussed include: a. Expanding sources of foreign support researchers are required to disclose, b. Broadening the scope of who is required to disclose Current and Pending (Other) Support, c. Increasing the frequency of post-award updates, d. Expanding agency requirements when reviewing disclosed information, e. Focusing risk assessment activities more narrowly on critical and emerging technologies, f. Expanding agencies' requirements to report to congress on research security violations, mitigation measures, and implementation status.

Issued May 1, 2025. Prospectively updates NIH policies and practices for utilizing foreign subawards. Per the notice, 'NIH is establishing a new award structure that will prohibit foreign subawards from being nested under the parent grant. This new award structure will include a prime [with independent linked awards] that will allow NIH to track the project's funds individually while scientific progress will be reported collectively by the primary institution under the Research Performance Progress Report.' NIH anticipates implementing the new award structure by no later than September 30, 2025, prior to Fiscal Year 2026. The policy continues to support direct foreign awards and plans to expand this policy to domestic subawards in the future, for consistency.

Effective immediately (April 29, 2025), the SBIR and STTR Foreign Disclosure and Risk Management Requirements described in NOT-OD-23-139 and NOT-OD-24-029 may be applied to all active SBIR and STTR awards regardless of the due date the competing application was submitted. Recipients with active awards that did not undergo foreign risk assessment at the time of their original application may be required to disclose all funded and unfunded relationships with foreign countries, using the Required Disclosures of Foreign Affiliations or Relationships to Foreign Countries Form. If the recipient reports a covered foreign relationship that meets any of the risk criteria prohibiting funding, NIH may deem it necessary to terminate the award for material failure to comply with the federal statutes, regulations, or terms and conditions of the federal award.

Issued on November 26, 2024. DOE's RTES office issued a 'framework to minimize, mitigate, and manage risks while maintaining an open, collaborative, and world-leading scientific enterprise.' The process includes three phases during which RTES will coordinate with program offices. This includes ensuring solicitations include appropriate language on RTES requirements, including assessment of technology risk level; and RTES 'due diligence' reviews before selection for award; and changes that occur during the life of a project that may trigger RTES review. Risk reviews use information disclosed to the agency as well as public and classified sources. Risk factors include ties to malign foreign talent recruitment programs, 'certain foreign funding sources', 'certain concerning behaviors associated with patenting', and ties to foreign entities or foreign collaborators on specified [certain U.S. restricted] lists 'or with specified characteristics.'

Issued on October 7, 2024, this document outlines DOE's implementation of research security training requirements for covered individuals on financial assistance applications and for organizations applying for an award. The requirement was effective immediately but not mandatory until May 1, 2025. The training requirement is satisfied either by completion of the four training modules created by NSF, completion of the SECURE Center CTM (as indicated per DOE post FAL), or by a custom training program that is aligned with the CHIPS and Science Act Section 10634(b). Per DOE the training must be completed within the 12 months immediately preceding the application submission, consistent with the CHIPS Act requirements, and any covered individuals added to the project must certify that they have completed the training within 30 calendar days of joining the project.

The final CMMC Program rule published in October 2024 by the DoD Office of the Secretary establishing the Cybersecurity Maturity Model Certification framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the defense supply chain.

Supplemental summary document and press release from DoD announcing the final CMMC Program rule.

September 2024, report ordered by Committee on Homeland Security. States that IHEs which have a relationship with a Confucius Institute or Chinese entity of concern is ineligible to receive any funds from the Department of Homeland Security, unless the institution terminates the relationship.

Issued on August 8, 2024. Effective May 1, 2025, applicants are required to have a Digital Persistent Identifier or Persistent Identifier (PID) if: 1. Individuals are listed within financial assistance applications that will fund R&D activities, or technical assistance to support R&D activities; and 2. Individuals are required to submit Biographical Sketch and/or Current and Pending (Other) Support disclosure. A PID is defined as globally unique, persistent, machine resolvable and processable, and has an associated metadata schema (example: ORCID iD). PIDs must be provided in the Biographical Sketch and/or Current and Pending (Other) Support disclosures as part of the application. This requirement is optional until May 1, 2025, and mandatory thereafter.

An August 2024 report emphasizing the importance of the critical quantum information science and technology (QIST) field and the need to enhance interagency cooperation, fund international collaboration, and track global competitiveness.

An NIH blog post from August 2024 explaining the new Decision Matrix and clarifying NIH processes for handling allegations of foreign interference.

August 2024. Assists agency staff in assessing grant applications and ongoing awards for potential foreign interference. Factors considered include: (1) current or past participation in a malign foreign talent recruitment program, which is prohibited by law, (2) undisclosed current or prior funding from a foreign country of concern (FCOC), or connected entity (currently China, Russia, North Korea, and Iran (higher risk)) or other foreign country (lower risk) and, (3) Indicators of an undisclosed current or past affiliation with an institution or entity located in or connected to a FCOC (higher-risk/mitigation) or foreign country (lower-risk/mitigation). Per the matrix, mitigation is either required, recommended, suggested, or not required based on the timing of the engagement and if accurate and complete disclosure information was provided. Mitigation conditions include: (1) specific award conditions, (2) modification of terms and conditions of award, (3) suspension, termination, or withdrawal of an award, (4) conversion from advance payment to reimbursement, and (5) recovery of funds.

Final Research Security Program (RSP) Guidelines published on July 9, 2024, via a memorandum to the heads of federal research funding agencies. Federal agencies are directed to implement the guidelines and provide time for institutional implementation. The four required areas are: cybersecurity, foreign travel security, research security training, and export control training. Agencies are coordinating implementation under a memorandum of agreement and anticipated to issue the requirements in early 2026.

June 2024. NSF initiated a proposal risk review process similar to that of DoD but with some notable differences. NSF's process will focus on critical technologies, beginning with a pilot of quantum technologies proposals in FY25, expanding to other key technologies in phase 2, and scaling up for all key technologies identified in the CHIPS and Science Act in phase 3. NSF will evaluate Three Criteria: 1. Appointments and positions with U.S. proscribed parties (e.g., U.S. BIS Entity List) and currently party to a MFTRP; 2. Non-disclosures of appointments, activities, and financial support; and 3. Potential foreseeable national security applications of the research. NSF will consider only current foreign appointments and affiliations and is not considering co-authorship in risk assessment.

A summary of the NSF-funded workshop 'Responsible Collaboration Through Appropriate Research Security' held at Rice University's Baker Institute for Public Policy in May 2024. Discusses challenges and opportunities in the emerging field of RoRS and provides recommendations to guide NSF's new RoRS program.

A matrix developed to assist in determining if specific activities are required to be disclosed and what form is appropriate for reporting. Last updated May 2024.

Frequently asked questions about DARPA's Fundamental Research Risk-Based Security Review Program (FRR-BS), issued May 2024.

A survey issued by COGR in April 2024 documenting research institutions' experiences with DoD's policy for risk-based security reviews of fundamental research.