Research Security Programs

Direct link to COGR's Matrix of Science & Security Laws, Regulations, and Policies.

A Request for Information published in March 2023 by the White House OSTP seeking public comment on the NSPM-33 Research Security Programs Standard Requirement.

A summary document issued by COGR in January 2022 that highlights key points of the Guidance for Implementing NSPM-33 Provisions.

A supplement to NSPM-33 outlining recommendations for research organizations to enhance research security and integrity. Categories include: Demonstrate organizational leadership and oversight; Establish an expectation of openness and transparency; Provide and share training, support, and information; Ensure effective mechanisms for compliance with organizational policies; and Manage potential risks associated with collaborations and data.

A Presidential Memorandum issued in January 2021 to strengthen protections of U.S. Government-supported R&D against foreign government interference and exploitation. It focuses on ensuring full disclosure of potential conflicts of interest and commitment by recipients of federal R&D and requires research institutions receiving over $50 million in federal R&D funding to certify they operate a research security program covering cybersecurity, foreign travel security, insider threat awareness, and export control training. As of November 2025, federal agencies continue to coordinate and work to implement this requirement for awardee institutions.

A May 2020 joint release from AAU and APLU providing effective practices that can be utilized by universities to implement research security efforts and minimize foreign influence.

Direct link to COGR's Quick Reference Table of Current & Upcoming Federal Research Security Requirements.

Draft standards for research security programs published for comment in February 2023 by OSTP/the NSTC Research Security Subcommittee. The document was superseded by the final standard guidelines published on July 9, 2024. The following are related documents and comments from higher education associations.

A January 2022 report by the White House OSTP/NSTC Research Security Subcommittee providing additional details on 1.) Disclosure Requirements and Standardization 2.) Persistent Identifiers 3.) Consequences for Violation of Disclosure Requirements 4.) Information Sharing and 5.) Research Security Programs. Largely superseded by the final July 9, 2024 guidelines.

A May 2021 joint release from AAU and APLU highlighting key principles that can be adapted by both universities and the federal government to protect the research enterprise from foreign influence.

COGR's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in May 2023.

Issued by the NCSC in December 2021, this document includes links to risk mitigation materials that can be utilized to improve: physical security, personnel security, operations security, cybersecurity, defensive counterintelligence, insider threat mitigation, and supply chain risk management.

AAU's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in May 2023.

A November 2023 supplement to the NSPM-33 Implementation Guidance that provides definitions of terms used throughout the guidance and related policy documents.

AAMC's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in June 2023.

EDUCAUSE's formal response commenting on the Research Security Programs standard requirement, submitted in June 2023.

Final Research Security Program (RSP) Guidelines published on July 9, 2024, via a memorandum to the heads of federal research funding agencies. Federal agencies are directed to implement the guidelines and provide time for institutional implementation. The four required areas are: cybersecurity, foreign travel security, research security training, and export control training. Agencies are coordinating implementation under a memorandum of agreement and anticipated to issue the requirements in early 2026.

A February 2024 biannual update from the Fast Track Action Subcommittee on Critical and Emerging Technologies of the NSTC that defines critical and emerging technologies (CETs), which are a subset of advanced technologies that have a significant impact on U.S. national security. [List of CETs is outlined on pages 8-11]

A summary document from AAU, updated in January 2024, that references key federal documentation that has been developed to address foreign influence in research.

A matrix that lists policies and requirements under the headings of: Disclosures, Agency Risk Assessment, FCOI & COC, Training, Certifications, and Research Security Program for each federal agency. Per COGR, this tool is frequently updated to reflect the release of new documentation. Updated September 30, 2025.

A chart that compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy, (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. Updated September 30, 2025.

Signed December 20, 2019. Section 1746 directs OSTP to establish an interagency working group (the Research Security Subcommittee) under the NSTC to protect federally funded R&D from foreign interference, cyberattacks, theft, or espionage and to develop recommendations for best practices for federal agencies and grantee institutions. Section 1746 also called on the National Academy of Science, Engineering and Medicine to stand up a new Roundtable on Science, Technology, and Security. Includes Confucius Institute waiver criteria for DoD.

Signed into law in August 2022, the CHIPS and Science Act includes a number of research security provisions. Key sections address research security at DOE, NIST cybersecurity guidance, NSF Office of Research Security and Policy, research security training requirements, information sharing analysis organizations, Confucius Institute restrictions, foreign financial support reporting, and foreign talent recruitment program requirements.

A congressional hearing held in February 2024 with representatives from the White House (OSTP), NSF, NIH, and DoE examining federal science agency actions to secure the U.S. science and technology enterprise.

The Congressional Research Service (CRS) issued a report on May 20, 2025, summarizing federal research security policy efforts to date, and providing options Congress might consider to address perceived gaps or deficiencies while also remaining cognizant of the potential increase to administrative burden they would present. Proposed options discussed include: a. Expanding sources of foreign support researchers are required to disclose, b. Broadening the scope of who is required to disclose Current and Pending (Other) Support, c. Increasing the frequency of post-award updates, d. Expanding agency requirements when reviewing disclosed information, e. Focusing risk assessment activities more narrowly on critical and emerging technologies, f. Expanding agencies' requirements to report to congress on research security violations, mitigation measures, and implementation status.

The National Academies of Sciences, Engineering, and Medicine's National Science, Technology, and Security Roundtable, called for in the Fiscal Year 2020 National Defense Authorization Act, explored issues related to protecting U.S. national and economic security while ensuring the open exchange of ideas and the international talent.

Published September 3, 2025, a National Academies Committee conducted an expedited study to examine federal research regulations and identify ways to improve regulatory processes and administrative tasks, reduce or eliminate unnecessary work, and modify and remove policies and regulations that have outlived their purpose while maintaining necessary and appropriate integrity, accountability, and oversight. Research security specific options include: implement the NSPM-33 common disclosure forms and disclosure table without deviation; establish common principles for agency research security risk reviews for fundamental research; continue prior efforts to streamline and clarify export controls; and adapt cybersecurity requirements for university settings.

The National Academies Assessing Research Security Efforts in Higher Education working group held a number of meetings and a May workshop with federal and non-federal experts beginning September 2024 and concluding September 4, 2025, to discuss assessment of federal research security efforts. Proceedings from the workshop can be found on the National Academies website.

The ODNI research security portal providing resources, threat briefings, and guidance for the academic research community on protecting research from foreign intelligence threats.

AAMC's portal for research security resources, providing guidance and advocacy materials on research security and foreign influence at U.S. academic institutions.

COGR's homepage providing access to research security resources, matrices, quick reference tables, and policy analysis for research institutions navigating federal research security requirements.

The Federal Demonstration Partnership homepage, a cooperative initiative among federal agencies and institutional recipients of federal funds working to streamline the administration of federally sponsored research.

The AAU homepage providing access to research security resources, policy statements, and advocacy materials from the Association of American Universities.

The APLU homepage providing access to research security resources and advocacy materials from the Association of Public and Land-Grant Universities.

A foundational federal document from September 1985 issued by the Office of the President that outlined a national policy of openness in federally-funded fundamental research, including the fundamental research exclusion.

The G7 research security portal providing resources and coordination among G7 member nations (Canada, France, Germany, Italy, Japan, United Kingdom, and United States) on research security best practices and policies.

Published February 2024, this document outlines best practices agreed upon by G7 member nations for maintaining secure and open research.

November 2021 guidelines for the Australian University sector to help manage and engage with risk to deepen resilience against foreign interference in the university sector.

Published April 2021, Japan's policy directions for ensuring research integrity in response to new risks associated with increasing internationalization and openness of research activities.

A reference (2019) that can be utilized for advice and guidance which supports the integrity of the system of international research collaboration.