Reference Library

Grant Information Circular issued by NASA on February 5, 2026 to implement the research security training (RST) and certification requirements mandated by Section 10634 of the CHIPS and Science Act of 2022 for all research grant and cooperative agreement proposals submitted to the agency. Covered individuals (PIs, Co-PIs, and Co-Is proposing 10 percent or more effort) must certify on their Biographical Sketch and Current and Pending (Other) Support forms that they completed RST within the 12 months prior to proposal submission, with applicant entities certifying via NSPIRES. Requirements take effect August 5, 2026, and NASA recognizes the NSF SECURE Center's Consolidated Training Module (CTM) as a compliant option.

An NIH Guide Notice issued February 4, 2026 confirming that NIH will not withdraw initial applications, JITs, RPPRs, or Prior Approvals submitted on or after January 25 that fail to use the Common Forms via SciENcv for Biographical Sketches, Current and Pending (Other) Support, and NIH Biographical Sketch Supplements. Instead, NIH will provide a warning message when the Common Forms are not used, while still encouraging applicants and recipients to begin using the Common Forms as soon as possible.

A directive issued January 8, 2026, by Emil Michael, Under Secretary of Defense for Research and Engineering, to strengthen research security measures for all DoD-funded fundamental research and counter foreign influence, intellectual property theft, and exploitation. Key actions include prohibiting DoD funding to entities linked to Chinese military companies or with histories of IP theft, implementing annual compliance checks, and establishing a centralized Fundamental Research Risk Review Repository by FY 2026, along with automated vetting tools, damage assessments, and a common research grant database.

On December 31, 2025, the USDA released a Secretary's Memorandum ordering all USDA agencies and staff to implement new USDA General Terms and Conditions (T&Cs), effective immediately, for all future USDA awards. The new General T&Cs include several research security-related requirements, including institutional certification regarding foreign ownership, control, or influence by a country of concern, institutional malign foreign talent recruitment program certification, institutional research security training certification, and institutional certification of Common Form information.

On December 31, 2025, USDA released a Secretary's Memorandum ordering all USDA agencies and staff to implement new USDA General Terms and Conditions (T&Cs), applied effective immediately to all future USDA awards. The new General T&Cs include several research security-related requirements: institutional certification regarding foreign ownership, control, or influence by a country of concern; institutional malign foreign talent recruitment program (MFTRP) certification; institutional research security training certification; and institutional certification of Common Form information.

On December 18, 2025, the U.S. House Committee on Science, Space, and Technology's Subcommittee on Investigations and Oversight held a hearing examining the implementation of research security measures under the CHIPS and Science Act and NSPM-33. Witnesses included officials from NSF, NASA, NIH, and DOE.

An FDP overview of the current status of federal research funding agency implementation of research security requirements for researchers and institutions, in accordance with the conditions of the CHIPS and Science Act of 2022 (CHIPS Act) and National Security Presidential Memorandum-33 (NSPM-33).

On December 5, 2025, NSF notified the research community that it is offering a grace period for enforcement of Important Notice No. 149 for proposals submitted between December 2 and December 31, 2025, to accommodate programs with deadlines near the December 2, 2025 effective date. NSF will continue to accept proposals using the previous Biographical Sketch and Current and Pending (Other) Support forms until December 31, 2025; after that date, all proposals must incorporate the new senior/key personnel certifications (research security training within the past 12 months and not being a party to a malign foreign talent recruitment program) required under Important Notice No. 149.

Financial Assistance Letter FAL 2026-02, issued by the U.S. Department of Energy on December 3, 2025, mandating that any DOE notices of funding opportunities (NOFOs), including those from the National Nuclear Security Administration, issued on or after December 3, 2025, require use of the Common Forms via the SciENcv system for Biographical Sketches and Current and Pending (Other) Support (CPS). DOE's adoption of the Biosketch Common Form replaces its prior use of the Resume form, with program offices retaining latitude to specify certain data requirements (such as digital persistent identifier requirements or additional CPS disclosures) within a given NOFO.

Issued December 2, 2025, NOT-OD-26-018 announces NIH's adoption of the Common Forms for Biographical Sketches and Current and Pending (Other) Support. Use of the Common Forms and the NIH Biosketch Supplement is required for applications with due dates on or after January 25, 2026, and for RPPRs and Just-In-Time responses submitted on or after that date, all completed via SciENcv. By February 6, 2026, failure to use the Common Forms generates a submission-blocking error, and the transition incorporates malign foreign talent recruitment program (MFTRP) certifications from institutions and senior/key personnel.

On December 2, 2025, NIH released NOT-OD-26-017 notifying the extramural community that, effective for applications submitted for due dates on or after May 25, 2026, each individual listed as senior/key personnel must certify they have completed research security training (RST) within 12 months of the date of application submission. The certification is collected via the Biographical Sketch in SciENcv. Applicants may use any RST addressing topics mandated under the CHIPS and Science Act, and NIH recognizes completion of the SECURE Center condensed training module (CTM) as compliant.

On November 25, 2025, the National Science Foundation (NSF) released an update to the agency's Important Notice No. 149. The update states that the requirements originally slated to take effect in October 2025 instead take effect on December 2, 2025 as a result of the recent government shutdown. The impacted requirements include: certifications of research security training for senior/key personnel; institutional certifications regarding contracts or agreements with Confucius Institutes; and recipient institutions providing supporting documentation for senior/key personnel activities reported as current and pending (other) support (e.g., contracts, grants, appointment letters) to NSF, upon request.

A COGR overview (November 20, 2025) of the research security-related regulations and frameworks most salient to Technology Transfer Offices, written to help technology transfer professionals navigate practical considerations arising from federal research security requirements.

A matrix that lists policies and requirements under the headings of: Disclosures, Agency Risk Assessment, FCOI & COC, Training, Certifications, and Research Security Program for each federal agency. Per COGR, this tool is frequently updated to reflect the release of new documentation. Updated September 30, 2025.

A chart that compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy, (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. Updated September 30, 2025.

In a September 29, 2025, notice (NOT-OD-25-161), the National Institutes of Health (NIH) rescinded the September 11, 2025, notice (NOT-OD-25-154) Implementation of NIH Research Security Policies. Per the notice, 'NIH continues to work with the National Science Foundation and other Federal research agencies to finalize guidance on each of the required elements outlined in the Office of Science and Technology Policy (OSTP) Guidelines for Research Security Programs at Covered Institutions, and to develop a centralized process for recipients to certify compliance.' The notice indicates that the implementation date for the requirements announced in NOT-OD-25-154 have not been finalized, the notice is therefore rescinded, and that 'NIH will issue updated guidance on Research Security requirements in the coming months.'

Issued September 24, 2025, and effective October 24, 2025, NIH implemented NOT-OD-25-160, a policy to enhance security for human biospecimens in NIH-funded research.

On September 24, 2025, and effective immediately, NIH issued NOT-OD-25-159, establishing new security, operational, and transparency standards for controlled-access data repositories (CADRs) that store and manage sensitive human research data.

On September 18, 2025, NIH released additional information regarding the agency's new application and award structure for international collaborations, previously announced in NIH NOT-OD-25-155. In addition to summarizing impacts to proposing/recipient institutions, the announcement provides links to additional information for the four new Activity Codes (grant types) that will be used to facilitate the new application and award process.

Issued September 12, 2025, this notice provides additional information on the agency's new process for handling foreign components, as NIH announced in NOT-OD-25-104 that the agency would not issue awards for proposals that include subawards to foreign entities. Under the process described in NOT-OD-25-155, competing applications that include one or more foreign components must submit to a Notice of Funding Opportunity (NOFO) that supports a complex mechanism activity code, including two new international project 'parent' activity codes that NIH is creating: PF5 for grants and UF5 for cooperative agreements.

In the September 10, 2025, Federal Register, the Department of Defense (DoD) issued a final rule amending the Defense Federal Acquisition Regulation Supplement (DFARS) to incorporate contractual requirements related to the final Cybersecurity Maturity Model Certification (CMMC) program rule. The new rule formalizes the ability of the DoD to include CMMC requirements as a condition of contract award, to include either Federal Contract Information (FCI), Controlled Unclassified Information (CUI), or both.

The National Academies Assessing Research Security Efforts in Higher Education working group held a number of meetings and a May workshop with federal and non-federal experts beginning September 2024 and concluding September 4, 2025, to discuss assessment of federal research security efforts. Proceedings from the workshop can be found on the National Academies website.

On September 4, 2025, NIH issued notice NOT-OD-25-152, regarding the agency's plans to release preview versions of NIH's Common Forms for Biographical Sketches (Biosketches) and Current and Pending (Other) Support in the Science Experts Network Curriculum Vitae (SciENcv) system. Access to the preview versions is purely for informational purposes and applicants/recipients may not submit documents to NIH that were created using the preview functionality. Applicants/recipients must continue to use the current NIH Biosketch and Other Support forms until NIH officially implements its Common Forms, which the agency anticipates will occur in November 2025. The fall 2025 government shutdown may impact this timeline.

Published September 3, 2025, a National Academies Committee conducted an expedited study to examine federal research regulations and identify ways to improve regulatory processes and administrative tasks, reduce or eliminate unnecessary work, and modify and remove policies and regulations that have outlived their purpose while maintaining necessary and appropriate integrity, accountability, and oversight. Research security specific options include: implement the NSPM-33 common disclosure forms and disclosure table without deviation; establish common principles for agency research security risk reviews for fundamental research; continue prior efforts to streamline and clarify export controls; and adapt cybersecurity requirements for university settings.

Published August 4, 2025, this guidance provides background on Fundamental Research (FR) as defined by NSDD-189 and DoD's implementation of the Directive via the May 24, 2010 'Carter Memo'. The Guidance notes that 'under the Carter Memo, research funded by 6.1 budget activity or 6.2 research conducted on a university campus is fundamental. For other research categories, the Department must be deliberate when deciding that a particular research topic is appropriate for openly published fundamental research'. It incorporates Considerations for Program Managers and Contracts and Grants Officers, including: a. Refraining from imposing publication review of research that has been formally designated as fundamental; b. For awards with multiple performers, considering whether some portion of the work should be designated as FR even if much of the award is not; and c. Avoiding flowing down restrictions to awardees performing FR that are inappropriate for FR. In addition, no security vetting should be done on personnel engaged in fundamental research and no preapproval conditions for the addition of researchers.