Skip to content
Research Security
Reference Library

IT / Cybersecurity Staff

Staff responsible for cybersecurity programs, NIST compliance, CMMC, and data repository security.

14 relevant references

Key Deadlines

Early 2026

Final Guidelines for Research Security Programs at Covered Institutions

Federal agencies anticipated to issue RSP requirements to awardee institutions

Federal

Disclosure Requirements

View all →

National Security Presidential Memorandum-33 (NSPM-33): Presidential Memorandum on U.S. Government-Supported Research and Development National Security Policy

ActiveFederalJan 1, 2021

A Presidential Memorandum issued in January 2021 to strengthen protections of U.S. Government-supported R&D against foreign government interference and exploitation. It focuses on ensuring full disclosure of potential conflicts of interest and commitment by recipients of federal R&D and requires research institutions receiving over $50 million in federal R&D funding to certify they operate a research security program covering cybersecurity, foreign travel security, insider threat awareness, and export control training. As of November 2025, federal agencies continue to coordinate and work to implement this requirement for awardee institutions.

Research Security Programs

View all →

Final Guidelines for Research Security Programs at Covered Institutions

ActiveFederalJul 9, 2024

Final Research Security Program (RSP) Guidelines published on July 9, 2024, via a memorandum to the heads of federal research funding agencies. Federal agencies are directed to implement the guidelines and provide time for institutional implementation. The four required areas are: cybersecurity, foreign travel security, research security training, and export control training. Agencies are coordinating implementation under a memorandum of agreement and anticipated to issue the requirements in early 2026.

Risk Assessment & Mitigation

View all →

Protect Your Organization from the Foreign Intelligence Threat

ActiveFederalDec 1, 2021

Issued by the NCSC in December 2021, this document includes links to risk mitigation materials that can be utilized to improve: physical security, personnel security, operations security, cybersecurity, defensive counterintelligence, insider threat mitigation, and supply chain risk management.

Cybersecurity

View all →

DoD Publishes Federal Rule for DFARS CMMC 2.0 Standards

ActiveDoDSep 10, 2025

In the September 10, 2025, Federal Register, the Department of Defense (DoD) issued a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification (CMMC) program rule. The new rule formalizes the ability of the DoD to include CMMC requirements as a condition of contract award, to include either Federal Contract Information (FCI), Controlled Unclassified Information (CUI), or both.

Cybersecurity Maturity Model Certification (CMMC) Program (32 CFR 170)

ActiveDoDOct 1, 2024

The final CMMC Program rule published in October 2024 by the DoD Office of the Secretary establishing the Cybersecurity Maturity Model Certification framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the defense supply chain.

Cybersecurity for Research: Findings and Possible Paths Forward (NIST 8481)

DraftNISTAug 1, 2023

An initial public draft issued by NIST in August 2023 that summarizes feedback NIST received on institutions of higher education (IHE) cybersecurity challenges and includes resources and possible next steps. Per the final research security program guidelines published July 9, 2024, institutions are to implement a cybersecurity program one year after publication of the final version of this NIST cybersecurity resource. Federal research funding agencies, working with NIST and IHEs via the Federal Demonstration Partnership (FDP), are currently developing cybersecurity guidelines that align with NIST 8481 for use in RSPs.

Legislation & Congressional Activity

View all →

CHIPS and Science Act

ActiveFederalAug 1, 2022

Signed into law in August 2022, the CHIPS and Science Act includes a number of research security provisions. Key sections address research security at DOE, NIST cybersecurity guidance, NSF Office of Research Security and Policy, research security training requirements, information sharing analysis organizations, Confucius Institute restrictions, foreign financial support reporting, and foreign talent recruitment program requirements.

Related Comparisons