Officers responsible for institutional research security programs, export controls, and risk assessment.
108 relevant references
DoE research security training requirement becomes mandatory
NSF begins rolling out annual MFTRP certification for PIs/co-PIs
NIH Other Support disclosure training requirement takes effect
NSF Important Notice 149 requirements take effect
NIH biospecimens security policy takes effect
Federal agencies anticipated to issue RSP requirements to awardee institutions
A matrix that lists policies and requirements under the headings of: Disclosures, Agency Risk Assessment, FCOI & COC, Training, Certifications, and Research Security Program for each federal agency. Per COGR, this tool is frequently updated to reflect the release of new documentation. Updated September 30, 2025.
A chart that compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy, (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. Updated September 30, 2025.
Published July 10, 2025. Includes NSF implementation of three new requirements (and three existing ones) in alignment with the CHIPS and Science Act and NSPM-33. The requirements, effective October 10, 2025, include: a. Recipient institutions must maintain supporting documentation for foreign activities reported as current and pending (other) support, b. Senior/key personnel must certify they have completed research security training (RST) within 12 months prior to proposal submission; Recipient institutions' Authorized Organizational Representative (AOR) must certify that all senior/key personnel have completed required RST and that the institution has a plan to provide appropriate training, c. AORs at institutions of higher education (IHEs) must certify that, absent a waiver granted by the NSF Director, the IHE does not maintain a contract or agreement between the institution and a Confucius Institute.
Issued July 8, 2025. This memorandum: a. Requires all USDA Mission Areas, Agencies, and Offices to: i. Within 30 days, conduct a comprehensive review of all current USDA awards/subawards with foreign persons/entities and provide justification as to why a US recipient was not selected, ii. Effective immediately, request approval (including justification) prior to issuing an award/subaward to a foreign person/entity. b. Requires applicants (i.e., covered individuals) to: i. Complete the Common Forms for Biographical Sketches and Current and Pending (Other) Support and provide updated information annually, ii. Certify they are not a participant in a malign foreign talent recruitment program (MFTRP) and recertify annually, iii. Certify that they are not contracting with or providing benefit to any foreign person/entity in a country of concern, iv. Certify that they are not party to utilizing forced labor, v. Complete an annual disclosure of contracts associated with participation in programs sponsored by foreign governments/entities, vi. Seek approval from USDA to subaward any portion of a funded arrangement, including university students, post-doctoral fellows, and visiting researchers. c. Requires Employing Entities to: i. Certify to applicants' completion of research security training, ii. Prohibit applicants who either are currently or have in the past 10 years participated in MFTRPs from working on USDA projects, iii. Provide supporting documentation for foreign activities reported as current and pending support, iv. Review any documents required under the memorandum for compliance with USDA award terms and conditions.
Effective immediately (April 29, 2025), the SBIR and STTR Foreign Disclosure and Risk Management Requirements described in NOT-OD-23-139 and NOT-OD-24-029 may be applied to all active SBIR and STTR awards regardless of the due date the competing application was submitted. Recipients with active awards that did not undergo foreign risk assessment at the time of their original application may be required to disclose all funded and unfunded relationships with foreign countries, using the Required Disclosures of Foreign Affiliations or Relationships to Foreign Countries Form. If the recipient reports a covered foreign relationship that meets any of the risk criteria prohibiting funding, NIH may deem it necessary to terminate the award for material failure to comply with the federal statutes, regulations, or terms and conditions of the federal award.
A matrix developed to assist in determining if specific activities are required to be disclosed and what form is appropriate for reporting. Last updated May 2024.
Issued by the White House OSTP in February 2024, this policy requires federal agencies to use the Common Forms for current and pending support and biosketches, noting that NSF will serve as steward. Deviation from the common disclosure forms will require Office of Management and Budget (OMB)/Office of Information and Regulatory Affairs (OIRA) review and clearance under the Paperwork Reduction Act (PRA).
The common form for federal-wide use for current and pending (other) support disclosure, created as directed by NSPM-33 with NSF serving as steward. The form includes certification by each senior/key person at the time of submission that they are not a party to a malign foreign talent recruitment program as defined in the CHIPS and Science Act of 2022. As of November 2025, the form has been implemented by NSF and the National Aeronautics and Space Administration (NASA).
The common form for federal-wide biographical sketch disclosure, created as directed by NSPM-33 with NSF serving as steward. Includes certification by each senior/key person at the time of submission that they are not a party to a malign foreign talent recruitment program as defined in the CHIPS and Science Act of 2022. As of November 2025, the form has been implemented by NSF and NASA.
A November 2023 supplement to the NSPM-33 Implementation Guidance that provides definitions of terms used throughout the guidance and related policy documents.
The NSF Proposal and Award Policies and Procedures Guide (NSF 23-1, January 2023). Post-award Disclosure of Current Support and In-Kind Contribution Information: PAPPG Chapter II.D.2.h(ii).
A summary document issued by COGR in January 2022 that highlights key points of the Guidance for Implementing NSPM-33 Provisions.
A January 2022 report by the White House OSTP/NSTC Research Security Subcommittee providing additional details on 1.) Disclosure Requirements and Standardization 2.) Persistent Identifiers 3.) Consequences for Violation of Disclosure Requirements 4.) Information Sharing and 5.) Research Security Programs. Largely superseded by the final July 9, 2024 guidelines.
A Presidential Memorandum issued in January 2021 to strengthen protections of U.S. Government-supported R&D against foreign government interference and exploitation. It focuses on ensuring full disclosure of potential conflicts of interest and commitment by recipients of federal R&D and requires research institutions receiving over $50 million in federal R&D funding to certify they operate a research security program covering cybersecurity, foreign travel security, insider threat awareness, and export control training. As of November 2025, federal agencies continue to coordinate and work to implement this requirement for awardee institutions.
Issued July 10, 2019. Reminds institutions receiving NIH funding of the requirement for researchers to disclose all sources of support for their research endeavors, regardless of the source, value, or whether monetary or in-kind, and to disclose all scientific appointments and positions, whether foreign or domestic, paid or unpaid, etc. The notice also reminds the extramural community of the requirement to comply with HHS regulations regarding Financial Conflicts of Interest, as well as the requirement to report all Foreign Components involved in NIH-supported activities.
The ODNI research security portal providing resources, threat briefings, and guidance for the academic research community on protecting research from foreign intelligence threats.
COGR's homepage providing access to research security resources, matrices, quick reference tables, and policy analysis for research institutions navigating federal research security requirements.
The APLU homepage providing access to research security resources and advocacy materials from the Association of Public and Land-Grant Universities.
The AAU homepage providing access to research security resources, policy statements, and advocacy materials from the Association of American Universities.
The Federal Demonstration Partnership homepage, a cooperative initiative among federal agencies and institutional recipients of federal funds working to streamline the administration of federally sponsored research.
Direct link to COGR's Quick Reference Table of Current & Upcoming Federal Research Security Requirements.
Direct link to COGR's Matrix of Science & Security Laws, Regulations, and Policies.
AAMC's portal for research security resources, providing guidance and advocacy materials on research security and foreign influence at U.S. academic institutions.
DoD's Basic Research and Research Directorate portal providing access to fundamental research policies, the decision matrix, Section 1286 lists, and research security guidance for defense-funded research.
DOE's Research, Technology & Economic Security (RTES) portal providing access to policies, frameworks, and resources for managing research security risks in DOE-funded research.
NIH's research security portal providing access to notices, policies, decision matrices, and resources related to identifying and addressing foreign interference in NIH-funded research.
NSF's research security portal providing access to policies, forms, training resources, and guidance related to research security at the National Science Foundation.
In a September 29, 2025, notice (NOT-OD-25-161), the National Institutes of Health (NIH) rescinded the September 11, 2025, notice (NOT-OD-25-154) Implementation of NIH Research Security Policies. Per the notice, 'NIH continues to work with the National Science Foundation and other Federal research agencies to finalize guidance on each of the required elements outlined in the Office of Science and Technology Policy (OSTP) Guidelines for Research Security Programs at Covered Institutions, and to develop a centralized process for recipients to certify compliance.' The notice indicates that the implementation date for the requirements announced in NOT-OD-25-154 have not been finalized, the notice is therefore rescinded, and that 'NIH will issue updated guidance on Research Security requirements in the coming months.'
Issued September 24, 2025, and effective October 24, 2025, NIH implemented NOT-OD-25-160, a policy to enhance security for human biospecimens in NIH-funded research.
The National Academies Assessing Research Security Efforts in Higher Education working group held a number of meetings and a May workshop with federal and non-federal experts beginning September 2024 and concluding September 4, 2025, to discuss assessment of federal research security efforts. Proceedings from the workshop can be found on the National Academies website.
Published September 3, 2025, a National Academies Committee conducted an expedited study to examine federal research regulations and identify ways to improve regulatory processes and administrative tasks, reduce or eliminate unnecessary work, and modify and remove policies and regulations that have outlived their purpose while maintaining necessary and appropriate integrity, accountability, and oversight. Research security specific options include: implement the NSPM-33 common disclosure forms and disclosure table without deviation; establish common principles for agency research security risk reviews for fundamental research; continue prior efforts to streamline and clarify export controls; and adapt cybersecurity requirements for university settings.
Final Research Security Program (RSP) Guidelines published on July 9, 2024, via a memorandum to the heads of federal research funding agencies. Federal agencies are directed to implement the guidelines and provide time for institutional implementation. The four required areas are: cybersecurity, foreign travel security, research security training, and export control training. Agencies are coordinating implementation under a memorandum of agreement and anticipated to issue the requirements in early 2026.
A summary of the NSF-funded workshop 'Responsible Collaboration Through Appropriate Research Security' held at Rice University's Baker Institute for Public Policy in May 2024. Discusses challenges and opportunities in the emerging field of RoRS and provides recommendations to guide NSF's new RoRS program.
A summary document from AAU, updated in January 2024, that references key federal documentation that has been developed to address foreign influence in research.
AAMC's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in June 2023.
COGR's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in May 2023.
AAU's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in May 2023.
A Dear Colleague Letter issued by NSF in May 2023 regarding the NSPM-33 Research Security Programs Standard Requirement.
A March 2023 report issued by JASON and commissioned by NSF. Provides definitions of Research Integrity as adherence to accepted values and principles -- objectivity, honesty, openness, accountability, fairness, and stewardship -- that guide the conduct of research. Research Security is protecting the means, know-how, and products of research until they are ready to be shared. JASON suggests research security does not vary across disciplines, but the consequences of breaches in research security and the measures taken to prevent breaches will differ. Key points include an emphasis on training researchers on risks in international collaborations, the need to encourage collaboration with international organizations that are also concerned with research security, and avoiding creating a reputation of racial profiling or using the research security programs to disadvantage anyone based on ethnicity or nationality.
A Request for Information published in March 2023 by the White House OSTP seeking public comment on the NSPM-33 Research Security Programs Standard Requirement.
Draft standards for research security programs published for comment in February 2023 by OSTP/the NSTC Research Security Subcommittee. The document was superseded by the final standard guidelines published on July 9, 2024. The following are related documents and comments from higher education associations.
The National Academies of Sciences, Engineering, and Medicine's National Science, Technology, and Security Roundtable, called for in the Fiscal Year 2020 National Defense Authorization Act, explored issues related to protecting U.S. national and economic security while ensuring the open exchange of ideas and the international talent.
A May 2021 joint release from AAU and APLU highlighting key principles that can be adapted by both universities and the federal government to protect the research enterprise from foreign influence.
A supplement to NSPM-33 outlining recommendations for research organizations to enhance research security and integrity. Categories include: Demonstrate organizational leadership and oversight; Establish an expectation of openness and transparency; Provide and share training, support, and information; Ensure effective mechanisms for compliance with organizational policies; and Manage potential risks associated with collaborations and data.
A May 2020 joint release from AAU and APLU providing effective practices that can be utilized by universities to implement research security efforts and minimize foreign influence.
Issued on November 26, 2024. DOE's RTES office issued a 'framework to minimize, mitigate, and manage risks while maintaining an open, collaborative, and world-leading scientific enterprise.' The process includes three phases during which RTES will coordinate with program offices. This includes ensuring solicitations include appropriate language on RTES requirements, including assessment of technology risk level; and RTES 'due diligence' reviews before selection for award; and changes that occur during the life of a project that may trigger RTES review. Risk reviews use information disclosed to the agency as well as public and classified sources. Risk factors include ties to malign foreign talent recruitment programs, 'certain foreign funding sources', 'certain concerning behaviors associated with patenting', and ties to foreign entities or foreign collaborators on specified [certain U.S. restricted] lists 'or with specified characteristics.'
An NIH blog post from August 2024 explaining the new Decision Matrix and clarifying NIH processes for handling allegations of foreign interference.
August 2024. Assists agency staff in assessing grant applications and ongoing awards for potential foreign interference. Factors considered include: (1) current or past participation in a malign foreign talent recruitment program, which is prohibited by law, (2) undisclosed current or prior funding from a foreign country of concern (FCOC), or connected entity (currently China, Russia, North Korea, and Iran (higher risk)) or other foreign country (lower risk) and, (3) Indicators of an undisclosed current or past affiliation with an institution or entity located in or connected to a FCOC (higher-risk/mitigation) or foreign country (lower-risk/mitigation). Per the matrix, mitigation is either required, recommended, suggested, or not required based on the timing of the engagement and if accurate and complete disclosure information was provided. Mitigation conditions include: (1) specific award conditions, (2) modification of terms and conditions of award, (3) suspension, termination, or withdrawal of an award, (4) conversion from advance payment to reimbursement, and (5) recovery of funds.
June 2024. NSF initiated a proposal risk review process similar to that of DoD but with some notable differences. NSF's process will focus on critical technologies, beginning with a pilot of quantum technologies proposals in FY25, expanding to other key technologies in phase 2, and scaling up for all key technologies identified in the CHIPS and Science Act in phase 3. NSF will evaluate Three Criteria: 1. Appointments and positions with U.S. proscribed parties (e.g., U.S. BIS Entity List) and currently party to a MFTRP; 2. Non-disclosures of appointments, activities, and financial support; and 3. Potential foreseeable national security applications of the research. NSF will consider only current foreign appointments and affiliations and is not considering co-authorship in risk assessment.
Frequently asked questions about DARPA's Fundamental Research Risk-Based Security Review Program (FRR-BS), issued May 2024.
A survey issued by COGR in April 2024 documenting research institutions' experiences with DoD's policy for risk-based security reviews of fundamental research.
A March 2024 report commissioned by NSF and issued by the JASON group. Recommends NSF adopt a dynamic approach for identifying potentially sensitive research topics as they arise and weigh the balance between the protective benefits and the unintended negative consequences of controls on sensitive research. It is suggested that the identification of sensitive projects proposed to NSF occurs most naturally before peer or panel review. Specific mitigation strategies for sensitive research projects should be negotiated and agreed upon by the principal investigator (PI), NSF, and the institution and be proportionate to the assessed risk, relative to the associated costs.
A February 2024 biannual update from the Fast Track Action Subcommittee on Critical and Emerging Technologies of the NSTC that defines critical and emerging technologies (CETs), which are a subset of advanced technologies that have a significant impact on U.S. national security. [List of CETs is outlined on pages 8-11]
RTES presented on research security risk reviews during a COGR meeting in October 2023, noting that much of the agency's portfolio includes critical and emerging technologies. Among the areas noted as potential targets were Advanced batteries, Advanced computing, Advanced engineering materials, Advanced manufacturing, Artificial intelligence/machine learning, Autonomous systems and robotics, Biotechnologies, Quantum information technologies, Next generation renewable energy generation and storage and Semiconductors and microelectronics.
Issued June 29, 2023 by DoD. The document includes: 1. A Policy on Risk-based Security Reviews of Fundamental Research, 2. A Decision Matrix to Inform Fundamental Research Proposal Mitigation (Amended May 5, 2025), 3. A list of foreign institutions identified as engaging in problematic activity (Part 3, Table 1, Amended June 24, 2025), and 4. A list of foreign talent recruitment programs identified as posing a threat to U.S. national security interests (Part 3, Table 2). The Decision Matrix contains four factors for assessing senior/key personnel disclosures: a. Participation in foreign talent recruitment programs, b. Current or prior funding from foreign countries of concern (FCOCs), c. Filing a patent in an FCOC or on behalf of an FCOC-connected entity without disclosure, and d. Associations or affiliations with organizations on U.S. Entity (trade restriction) and other indicated (U.S. restricted) lists.
A June 2023 report issued by the National Academies providing recommendations that U.S. institutions of higher education can take to identify and mitigate risks associated with foreign-funded language and culture institutes on campus.
February 2023. Outlines advanced monitoring and verification activities of NSF proposals and awards. The guidelines largely serve to provide transparency and identify guardrails NSF has put in place around the use of data analytics to monitor and validate information disclosed (e.g., in biosketches and current and pending support). For example, the activities are not investigative and cannot be incorporated into the merit review process. Sources of information include SCOPUS, Web of Science, and the U.S. Patent and Trademark Office Patent Database.
Issued by the NCSC in December 2021, this document includes links to risk mitigation materials that can be utilized to improve: physical security, personnel security, operations security, cybersecurity, defensive counterintelligence, insider threat mitigation, and supply chain risk management.
NSF's formal response to the JASON Group's report on Fundamental Research Security, outlining how the Foundation plans to address the report's findings and recommendations.
A December 2019 report from the JASON Group commissioned by NSF. The report outlines that concerns of foreign influence can be addressed within the framework of research integrity and, in addition, that the benefits of openness in research and of the inclusion of foreign researchers dictate against measures that would restrict fundamental research. The report includes questions for researchers to consider when entering a collaboration [Section 7.3 Assessment Tools: pages 34-36].
A searchable database that provides ratings on 'risk' for collaboration with an entity. In addition to the tracker, an associated document (released in 2019): Exploring the military and security links of China's universities.
Effective October 1, 2025, recipient institutions must train senior/key personnel on the requirement to disclose all research activities and affiliations in Other Support and maintain a 'written and enforced policy on requirements for the disclosure of other support to ensure Senior/Key Personnel fully understand their responsibility to disclose.'
Issued on October 7, 2024, this document outlines DOE's implementation of research security training requirements for covered individuals on financial assistance applications and for organizations applying for an award. The requirement was effective immediately but not mandatory until May 1, 2025. The training requirement is satisfied either by completion of the four training modules created by NSF, completion of the SECURE Center CTM (as indicated per DOE post FAL), or by a custom training program that is aligned with the CHIPS and Science Act Section 10634(b). Per DOE the training must be completed within the 12 months immediately preceding the application submission, consistent with the CHIPS Act requirements, and any covered individuals added to the project must certify that they have completed the training within 30 calendar days of joining the project.
An updated one-hour condensed and consolidated federal research security training module offered by the SECURE Center. NSF, NIH, DoD, DOE, and USDA have indicated that the condensed module meets their research security requirements. The SCORM files (for upload in the institution's learning management systems), Storyline file, and transcript can also be found on the website. The training includes two, four or six editable html-based files that can be modified to supply institution-specific contact information and links to resources. A preview version can be viewed on the website and a version that offers a certificate of completion is now available.
A condensed and consolidated one-hour version of the four federal training modules developed by the University of Michigan in collaboration with Ohio State University, Stanford University, and Duke University. Other academic institutions or organizations can download for their use. The training includes two editable html-based files that can be modified to supply institution-specific contact information and links to resources. SCORM files, Storyline file, and written version of the narrative are available.
Research security training developed by institutions and organizations under cooperative agreements funded by NSF in collaboration with the National Institutes of Health (NIH), Department of Energy (DoE), and Department of Defense (DoD), with engagement from the Federal Bureau of Investigation (FBI). The training consists of 4 modules: 1.) What is Research Security?; 2.) Disclosure; 3.) Manage and Mitigate Risk; 4.) International Collaboration.
On September 24, 2025, and effective immediately, NIH issued NOT-OD-25-159, establishing new security, operational, and transparency standards for controlled-access data repositories (CADRs) that store and manage sensitive human research data.
In the September 10, 2025, Federal Register, the Department of Defense (DoD) issued a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification (CMMC) program rule. The new rule formalizes the ability of the DoD to include CMMC requirements as a condition of contract award, to include either Federal Contract Information (FCI), Controlled Unclassified Information (CUI), or both.
The final CMMC Program rule published in October 2024 by the DoD Office of the Secretary establishing the Cybersecurity Maturity Model Certification framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the defense supply chain.
Joint comments submitted by ACE, AAU, APLU, COGR, and EDUCAUSE on February 26, 2024 in response to the proposed CMMC rule.
The proposed rule for the CMMC Program published in December 2023, which was superseded by the final rule in October 2024.
An initial public draft issued by NIST in August 2023 that summarizes feedback NIST received on institutions of higher education (IHE) cybersecurity challenges and includes resources and possible next steps. Per the final research security program guidelines published July 9, 2024, institutions are to implement a cybersecurity program one year after publication of the final version of this NIST cybersecurity resource. Federal research funding agencies, working with NIST and IHEs via the Federal Demonstration Partnership (FDP), are currently developing cybersecurity guidelines that align with NIST 8481 for use in RSPs.
Published August 4, 2025, this guidance provides background on Fundamental Research (FR) as defined by NSDD-189 and DoD's implementation of the Directive via the May 24, 2010 'Carter Memo'. The Guidance notes that 'under the Carter Memo, research funded by 6.1 budget activity or 6.2 research conducted on a university campus is fundamental. For other research categories, the Department must be deliberate when deciding that a particular research topic is appropriate for openly published fundamental research'. It incorporates Considerations for Program Managers and Contracts and Grants Officers, including: a. Refraining from imposing publication review of research that has been formally designated as fundamental; b. For awards with multiple performers, considering whether some portion of the work should be designated as FR even if much of the award is not; and c. Avoiding flowing down restrictions to awardees performing FR that are inappropriate for FR. In addition, no security vetting should be done on personnel engaged in fundamental research and no preapproval conditions for the addition of researchers.
A foundational federal document from September 1985 issued by the Office of the President that outlined a national policy of openness in federally-funded fundamental research, including the fundamental research exclusion.
Published by DoD on June 24, 2025, this document introduces the FY23 lists of foreign institutions identified as engaging in problematic activity and foreign talent recruitment programs identified as posing a threat to U.S. national security, as required by Section 1286 of the FY2019 NDAA.
The CHIPS and Science Act of 2022 directs federal research funding agencies to establish a policy that requires each covered individual (CI) listed in an R&D proposal to certify that they are not a party to a MFTRP in the proposal submission and annually thereafter for the duration of the award. NSF was the first federal agency to implement this certification via the common federal biosketch and current and pending support forms in May 2024. NSF began rolling out the annual certification on June 7, 2025, for all PIs and co-PIs named on an NSF award made on or after May 20, 2024. NSF is making sample contracts available that meet the parameters of a MFTRP. Contract examples and frequently asked questions can be found on the NSF website under MFTRPs.
Per Section 10631 of the CHIPS and Science Act, this document issued in February 2024 from the White House OSTP provides definitions of both foreign talent recruitment programs (FTRPs) and malign foreign talent recruitment programs (MFTRPs) [pages 4-6] and what is not considered an FTRP. A foreign talent recruitment program is any program, position, or activity that includes compensation in the form of cash, in-kind compensation, including research funding, promised future compensation, complimentary foreign travel, things of non de minimis value, honorific titles, career advancement opportunities, or other types of remuneration or consideration directly provided by a foreign country at any level or their designee, or an entity based in, funded by, or affiliated with a foreign country.
A 2024 report by the National Academies: Sciences, Engineering and Medicine examining international talent programs in the context of the changing global environment.
The G7 research security portal providing resources and coordination among G7 member nations (Canada, France, Germany, Italy, Japan, United Kingdom, and United States) on research security best practices and policies.
An August 2024 report emphasizing the importance of the critical quantum information science and technology (QIST) field and the need to enhance interagency cooperation, fund international collaboration, and track global competitiveness.
Published February 2024, this document outlines best practices agreed upon by G7 member nations for maintaining secure and open research.
Published August 2023 by NIST, this report integrates several U.S. government policies and guidelines to develop a framework for an integrated, risk-balanced approach for safeguarding international science and technology from undue foreign interference.
A Government of Canada website (October 2022) that provides guidance and resources for researchers engaging in international research.
Released in May 2022 from the Committee on guidelines for international research and innovation cooperation to facilitate international cooperation in research.
November 2021 guidelines for the Australian University sector to help manage and engage with risk to deepen resilience against foreign interference in the university sector.
Published April 2021, Japan's policy directions for ensuring research integrity in response to new risks associated with increasing internationalization and openness of research activities.
Published in 2020. Purpose is to aid universities in assessing collaborations and the best approach to international collaboration.
A reference (2019) that can be utilized for advice and guidance which supports the integrity of the system of international research collaboration.
The 'Wolf Amendment' (2011) prohibits participation, collaboration, or coordination bilaterally with China or any Chinese-owned company on any NASA project at the prime or subrecipient level. NASA clarified in a September 2022 presentation that the agency defines a 'Chinese-owned company' as any company owned by China, or any company incorporated under the laws of China, and that Chinese universities and similar institutions are considered to be incorporated under the laws of China and therefore the funding restrictions apply.
The Congressional Research Service (CRS) issued a report on May 20, 2025, summarizing federal research security policy efforts to date, and providing options Congress might consider to address perceived gaps or deficiencies while also remaining cognizant of the potential increase to administrative burden they would present. Proposed options discussed include: a. Expanding sources of foreign support researchers are required to disclose, b. Broadening the scope of who is required to disclose Current and Pending (Other) Support, c. Increasing the frequency of post-award updates, d. Expanding agency requirements when reviewing disclosed information, e. Focusing risk assessment activities more narrowly on critical and emerging technologies, f. Expanding agencies' requirements to report to congress on research security violations, mitigation measures, and implementation status.
September 2024, report ordered by Committee on Homeland Security. States that IHEs which have a relationship with a Confucius Institute or Chinese entity of concern is ineligible to receive any funds from the Department of Homeland Security, unless the institution terminates the relationship.
A congressional hearing held in February 2024 with representatives from the White House (OSTP), NSF, NIH, and DoE examining federal science agency actions to secure the U.S. science and technology enterprise.
September 2022. Requires agencies to implement a due diligence program to assess security risks for SBIR and STTR proposals. Disclosure requirements include information on foreign ties, business relationships, investment, and ownership. [Source: AAU, January 2024].
Directs NSF to collect annual summaries of foreign financial support from universities. The provision establishes a reporting threshold of $50,000 or more in [cumulative] financial support, including gifts and contracts, received directly or indirectly from a foreign country of concern (China, Russia, North Korea, and Iran at the time the law was enacted), or any other country determined to be a concern by the Secretary of State. This is in addition to the reporting of gifts and contracts from all foreign countries with a cumulative value of $250,000 or more via the Higher Education Act and Department of Education.
Places restrictions on eligibility for NSF R&D funding for institutions that host or support Confucius [or Confucius-like] institutes.
Directs [NSF] to establish a research security and integrity information sharing analysis organization to enable the research community to share information, identify research security risks, and implement risk assessment and mitigation best practices and procurement of a non-government organization to run this center. The SECURE Program, including the SECURE Center and SECURE Analytics, were implemented to answer this call.
Expands the requirement for RCR training to include faculty and other senior personnel on [NSF] awards and expands the scope of such training to include mentoring training and training to raise awareness of research security risks as well as Federal export control, disclosure, and reporting requirements.
OSTP to issue guidance to Federal research agencies to prohibit participation in 'foreign talent recruitment programs' by agency personnel and provide additional clarification to the research community regarding which activities are considered 'foreign talent recruitment programs.' OSTP is also directed to issue guidance clarifying that researchers working on Federally supported research projects must disclose participation in FTRPs in Federal research award proposals. OSTP is further directed to issue guidance for Federal research agencies to prohibit researchers working on agency-funded projects from participating in 'malign foreign talent recruitment programs,' and certify both at the time of proposal and annually that they are not part of a malign foreign talent recruitment program.
Authorizes the NSF OCRSSP, in coordination with the Office of Inspector General (OIG), to conduct risk assessments, including through the use of open-source analysis and analytical tools, of R&D award applications and disclosures to NSF.
Directs [NSF] to develop an online resource to inform institutions and researchers of security risks and best practices and explain Foundation research security policies.
Establishes an Office of Research Security, Strategy, and Policy within NSF.
Requires NIST to offer resources and technical assistance to research intensive universities to help them mitigate cyber risks related to conducting research.
Requires NIST to consider the needs of IHEs when creating cybersecurity guidance.
DOE Office of Science to develop and maintain tools and processes to manage and mitigate research security risks such as an S&T risk matrix, informed by threats identified by the Office of Defense National Intelligence (ODNI).
Signed into law in August 2022, the CHIPS and Science Act includes a number of research security provisions. Key sections address research security at DOE, NIST cybersecurity guidance, NSF Office of Research Security and Policy, research security training requirements, information sharing analysis organizations, Confucius Institute restrictions, foreign financial support reporting, and foreign talent recruitment program requirements.
Signed January 3, 2020. Section 223 mandates disclosure of funding sources in applications for federal R&D awards and holds universities accountable for ensuring faculty awareness. Section 1299C is an amendment to FY 2019 NDAA Section 1286 requiring designation of an official responsible for liaising with academic institutions and briefing them on espionage risks. Section 1062 restricts DoD and NSF funds to institutions hosting a Confucius Institute. Section 9907 prohibits any funds for microelectronics initiatives to a foreign entity of concern.
Signed December 20, 2019. Section 1746 directs OSTP to establish an interagency working group (the Research Security Subcommittee) under the NSTC to protect federally funded R&D from foreign interference, cyberattacks, theft, or espionage and to develop recommendations for best practices for federal agencies and grantee institutions. Section 1746 also called on the National Academy of Science, Engineering and Medicine to stand up a new Roundtable on Science, Technology, and Security. Includes Confucius Institute waiver criteria for DoD.
Signed into law July 26, 2018. Section 1286 directs the Secretary of Defense to establish an initiative to work with IHEs who perform defense research and engineering activities and name an academic liaison. It also directed DoD to publish a list of institutions and foreign talent recruitment programs that have perpetuated malicious activities or that operate under the direction of the military forces or the intelligence agency of the applicable country and thus pose a threat to national security. The resulting list is updated annually.
Compare how each agency handles biosketch and current/pending disclosure.
Compare training and certification requirements across agencies.
Compare how agencies conduct risk assessment and review.
Compare malign foreign talent recruitment program certification requirements.