Reference Library

Issued July 18, 2025 as a follow-up to NOT-OD-25-104. This updated guidance creates an alternative, short-term approach for existing grants and cooperative agreements involving human subjects research (e.g., clinical trials and clinical research) with foreign sites. The alternative approach involves removing a foreign sub-award from the primary award and having it issued as a foreign supplement award.

Effective October 1, 2025, recipient institutions must train senior/key personnel on the requirement to disclose all research activities and affiliations in Other Support and maintain a 'written and enforced policy on requirements for the disclosure of other support to ensure Senior/Key Personnel fully understand their responsibility to disclose.'

Published July 10, 2025. Includes NSF implementation of three new requirements (and three existing ones) in alignment with the CHIPS and Science Act and NSPM-33. The requirements, effective October 10, 2025, include: a. Recipient institutions must maintain supporting documentation for foreign activities reported as current and pending (other) support, b. Senior/key personnel must certify they have completed research security training (RST) within 12 months prior to proposal submission; Recipient institutions' Authorized Organizational Representative (AOR) must certify that all senior/key personnel have completed required RST and that the institution has a plan to provide appropriate training, c. AORs at institutions of higher education (IHEs) must certify that, absent a waiver granted by the NSF Director, the IHE does not maintain a contract or agreement between the institution and a Confucius Institute.

Issued July 8, 2025. This memorandum: a. Requires all USDA Mission Areas, Agencies, and Offices to: i. Within 30 days, conduct a comprehensive review of all current USDA awards/subawards with foreign persons/entities and provide justification as to why a US recipient was not selected, ii. Effective immediately, request approval (including justification) prior to issuing an award/subaward to a foreign person/entity. b. Requires applicants (i.e., covered individuals) to: i. Complete the Common Forms for Biographical Sketches and Current and Pending (Other) Support and provide updated information annually, ii. Certify they are not a participant in a malign foreign talent recruitment program (MFTRP) and recertify annually, iii. Certify that they are not contracting with or providing benefit to any foreign person/entity in a country of concern, iv. Certify that they are not party to utilizing forced labor, v. Complete an annual disclosure of contracts associated with participation in programs sponsored by foreign governments/entities, vi. Seek approval from USDA to subaward any portion of a funded arrangement, including university students, post-doctoral fellows, and visiting researchers. c. Requires Employing Entities to: i. Certify to applicants' completion of research security training, ii. Prohibit applicants who either are currently or have in the past 10 years participated in MFTRPs from working on USDA projects, iii. Provide supporting documentation for foreign activities reported as current and pending support, iv. Review any documents required under the memorandum for compliance with USDA award terms and conditions.

Published by DoD on June 24, 2025, this document introduces the FY23 lists of foreign institutions identified as engaging in problematic activity and foreign talent recruitment programs identified as posing a threat to U.S. national security, as required by Section 1286 of the FY2019 NDAA.

The CHIPS and Science Act of 2022 directs federal research funding agencies to establish a policy that requires each covered individual (CI) listed in an R&D proposal to certify that they are not a party to a MFTRP in the proposal submission and annually thereafter for the duration of the award. NSF was the first federal agency to implement this certification via the common federal biosketch and current and pending support forms in May 2024. NSF began rolling out the annual certification on June 7, 2025, for all PIs and co-PIs named on an NSF award made on or after May 20, 2024. NSF is making sample contracts available that meet the parameters of a MFTRP. Contract examples and frequently asked questions can be found on the NSF website under MFTRPs.

The Congressional Research Service (CRS) issued a report on May 20, 2025, summarizing federal research security policy efforts to date, and providing options Congress might consider to address perceived gaps or deficiencies while also remaining cognizant of the potential increase to administrative burden they would present. Proposed options discussed include: a. Expanding sources of foreign support researchers are required to disclose, b. Broadening the scope of who is required to disclose Current and Pending (Other) Support, c. Increasing the frequency of post-award updates, d. Expanding agency requirements when reviewing disclosed information, e. Focusing risk assessment activities more narrowly on critical and emerging technologies, f. Expanding agencies' requirements to report to congress on research security violations, mitigation measures, and implementation status.

The Department of Energy's official page describing its research security training requirement for R&D financial assistance awards. Effective May 1, 2025, covered individuals (PI, PD, Co-PI, Co-PD, project manager, and any individual functionally performing such roles, with possible expansion via NOFO terms and conditions) must complete research security training within 12 months prior to proposal submission. DOE accepts the SECURE Center Condensed Training Module (CTM).

Issued May 1, 2025. Prospectively updates NIH policies and practices for utilizing foreign subawards. Per the notice, 'NIH is establishing a new award structure that will prohibit foreign subawards from being nested under the parent grant. This new award structure will include a prime [with independent linked awards] that will allow NIH to track the project's funds individually while scientific progress will be reported collectively by the primary institution under the Research Performance Progress Report.' NIH anticipates implementing the new award structure by no later than September 30, 2025, prior to Fiscal Year 2026. The policy continues to support direct foreign awards and plans to expand this policy to domestic subawards in the future, for consistency.

Effective immediately (April 29, 2025), the SBIR and STTR Foreign Disclosure and Risk Management Requirements described in NOT-OD-23-139 and NOT-OD-24-029 may be applied to all active SBIR and STTR awards regardless of the due date the competing application was submitted. Recipients with active awards that did not undergo foreign risk assessment at the time of their original application may be required to disclose all funded and unfunded relationships with foreign countries, using the Required Disclosures of Foreign Affiliations or Relationships to Foreign Countries Form. If the recipient reports a covered foreign relationship that meets any of the risk criteria prohibiting funding, NIH may deem it necessary to terminate the award for material failure to comply with the federal statutes, regulations, or terms and conditions of the federal award.

An NIH form used by recipients with active SBIR and STTR awards to disclose all funded and unfunded relationships with foreign countries. Per NOT-OD-25-102, recipients whose awards did not undergo foreign risk assessment at the time of their original application may be required to use this form, and NIH may terminate awards where a reported covered foreign relationship meets risk criteria prohibiting funding.

A March 2025 HHS Office of Inspector General review finding that many institutions receiving NIH funding did not fully understand when monetary donations must be reported as 'Other Support' versus when they qualify as unrestricted gifts. The scenarios in this review correspond with the illustrative scenarios later posted by the NIH Office of Policy for Extramural Research Administration (OPERA) to help investigators and institutions make this determination.

An NIH OPERA document providing illustrative scenarios to help investigators and institutions determine when monetary donations must be disclosed as Other Support versus when they qualify as unrestricted gifts. It explains that donations must be reported as Other Support when intended to directly support an investigator's research activities and carrying explicit or implicit expectations, such as use for specific projects, placement into a research account, or requirements to provide updates to donors. The scenarios correspond with those in the Office of the Inspector General's March 2025 review of institutional understanding of monetary donation reporting.

Issued on November 26, 2024. DOE's RTES office issued a 'framework to minimize, mitigate, and manage risks while maintaining an open, collaborative, and world-leading scientific enterprise.' The process includes three phases during which RTES will coordinate with program offices. This includes ensuring solicitations include appropriate language on RTES requirements, including assessment of technology risk level; and RTES 'due diligence' reviews before selection for award; and changes that occur during the life of a project that may trigger RTES review. Risk reviews use information disclosed to the agency as well as public and classified sources. Risk factors include ties to malign foreign talent recruitment programs, 'certain foreign funding sources', 'certain concerning behaviors associated with patenting', and ties to foreign entities or foreign collaborators on specified [certain U.S. restricted] lists 'or with specified characteristics.'

Issued on October 7, 2024, this document outlines DOE's implementation of research security training requirements for covered individuals on financial assistance applications and for organizations applying for an award. The requirement was effective immediately but not mandatory until May 1, 2025. The training requirement is satisfied either by completion of the four training modules created by NSF, completion of the SECURE Center CTM (as indicated per DOE post FAL), or by a custom training program that is aligned with the CHIPS and Science Act Section 10634(b). Per DOE the training must be completed within the 12 months immediately preceding the application submission, consistent with the CHIPS Act requirements, and any covered individuals added to the project must certify that they have completed the training within 30 calendar days of joining the project.

The final CMMC Program rule published in October 2024 by the DoD Office of the Secretary establishing the Cybersecurity Maturity Model Certification framework for protecting Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) in the defense supply chain.

Supplemental summary document and press release from DoD announcing the final CMMC Program rule.

September 2024, report ordered by Committee on Homeland Security. States that IHEs which have a relationship with a Confucius Institute or Chinese entity of concern is ineligible to receive any funds from the Department of Homeland Security, unless the institution terminates the relationship.

Issued on August 8, 2024. Effective May 1, 2025, applicants are required to have a Digital Persistent Identifier or Persistent Identifier (PID) if: 1. Individuals are listed within financial assistance applications that will fund R&D activities, or technical assistance to support R&D activities; and 2. Individuals are required to submit Biographical Sketch and/or Current and Pending (Other) Support disclosure. A PID is defined as globally unique, persistent, machine resolvable and processable, and has an associated metadata schema (example: ORCID iD). PIDs must be provided in the Biographical Sketch and/or Current and Pending (Other) Support disclosures as part of the application. This requirement is optional until May 1, 2025, and mandatory thereafter.

An NIH blog post from August 2024 explaining the new Decision Matrix and clarifying NIH processes for handling allegations of foreign interference.

An August 2024 report emphasizing the importance of the critical quantum information science and technology (QIST) field and the need to enhance interagency cooperation, fund international collaboration, and track global competitiveness.

August 2024. Assists agency staff in assessing grant applications and ongoing awards for potential foreign interference. Factors considered include: (1) current or past participation in a malign foreign talent recruitment program, which is prohibited by law, (2) undisclosed current or prior funding from a foreign country of concern (FCOC), or connected entity (currently China, Russia, North Korea, and Iran (higher risk)) or other foreign country (lower risk) and, (3) Indicators of an undisclosed current or past affiliation with an institution or entity located in or connected to a FCOC (higher-risk/mitigation) or foreign country (lower-risk/mitigation). Per the matrix, mitigation is either required, recommended, suggested, or not required based on the timing of the engagement and if accurate and complete disclosure information was provided. Mitigation conditions include: (1) specific award conditions, (2) modification of terms and conditions of award, (3) suspension, termination, or withdrawal of an award, (4) conversion from advance payment to reimbursement, and (5) recovery of funds.

A COGR overview published in July 2024 summarizing the requirements of the White House OSTP Final Guidelines for Research Security Programs at Covered Institutions across the four required research security program focus areas. It serves as a plain-language companion summary to the OSTP RSP Guidelines memorandum issued July 9, 2024.

Final Research Security Program (RSP) Guidelines published on July 9, 2024, via a memorandum to the heads of federal research funding agencies. Federal agencies are directed to implement the guidelines and provide time for institutional implementation. The four required areas are: cybersecurity, foreign travel security, research security training, and export control training. Agencies are coordinating implementation under a memorandum of agreement and anticipated to issue the requirements in early 2026.

June 2024. NSF initiated a proposal risk review process similar to that of DoD but with some notable differences. NSF's process will focus on critical technologies, beginning with a pilot of quantum technologies proposals in FY25, expanding to other key technologies in phase 2, and scaling up for all key technologies identified in the CHIPS and Science Act in phase 3. NSF will evaluate Three Criteria: 1. Appointments and positions with U.S. proscribed parties (e.g., U.S. BIS Entity List) and currently party to a MFTRP; 2. Non-disclosures of appointments, activities, and financial support; and 3. Potential foreseeable national security applications of the research. NSF will consider only current foreign appointments and affiliations and is not considering co-authorship in risk assessment.