Reference Library

A November 2023 supplement to the NSPM-33 Implementation Guidance that provides definitions of terms used throughout the guidance and related policy documents.

RTES presented on research security risk reviews during a COGR meeting in October 2023, noting that much of the agency's portfolio includes critical and emerging technologies. Among the areas noted as potential targets were Advanced batteries, Advanced computing, Advanced engineering materials, Advanced manufacturing, Artificial intelligence/machine learning, Autonomous systems and robotics, Biotechnologies, Quantum information technologies, Next generation renewable energy generation and storage and Semiconductors and microelectronics.

Published August 2023 by NIST, this report integrates several U.S. government policies and guidelines to develop a framework for an integrated, risk-balanced approach for safeguarding international science and technology from undue foreign interference.

An initial public draft issued by NIST in August 2023 that summarizes feedback NIST received on institutions of higher education (IHE) cybersecurity challenges and includes resources and possible next steps. Per the final research security program guidelines published July 9, 2024, institutions are to implement a cybersecurity program one year after publication of the final version of this NIST cybersecurity resource. Federal research funding agencies, working with NIST and IHEs via the Federal Demonstration Partnership (FDP), are currently developing cybersecurity guidelines that align with NIST 8481 for use in RSPs.

Issued June 29, 2023 by DoD. The document includes: 1. A Policy on Risk-based Security Reviews of Fundamental Research, 2. A Decision Matrix to Inform Fundamental Research Proposal Mitigation (Amended May 5, 2025), 3. A list of foreign institutions identified as engaging in problematic activity (Part 3, Table 1, Amended June 24, 2025), and 4. A list of foreign talent recruitment programs identified as posing a threat to U.S. national security interests (Part 3, Table 2). The Decision Matrix contains four factors for assessing senior/key personnel disclosures: a. Participation in foreign talent recruitment programs, b. Current or prior funding from foreign countries of concern (FCOCs), c. Filing a patent in an FCOC or on behalf of an FCOC-connected entity without disclosure, and d. Associations or affiliations with organizations on U.S. Entity (trade restriction) and other indicated (U.S. restricted) lists.

EDUCAUSE's formal response commenting on the Research Security Programs standard requirement, submitted in June 2023.

A June 2023 report issued by the National Academies providing recommendations that U.S. institutions of higher education can take to identify and mitigate risks associated with foreign-funded language and culture institutes on campus.

AAMC's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in June 2023.

AAU's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in May 2023.

A Dear Colleague Letter issued by NSF in May 2023 regarding the NSPM-33 Research Security Programs Standard Requirement.

COGR's formal response to the OSTP Request for Information on the NSPM-33 Research Security Programs Standard Requirement, submitted in May 2023.

A Request for Information published in March 2023 by the White House OSTP seeking public comment on the NSPM-33 Research Security Programs Standard Requirement.

A March 2023 report issued by JASON and commissioned by NSF. Provides definitions of Research Integrity as adherence to accepted values and principles -- objectivity, honesty, openness, accountability, fairness, and stewardship -- that guide the conduct of research. Research Security is protecting the means, know-how, and products of research until they are ready to be shared. JASON suggests research security does not vary across disciplines, but the consequences of breaches in research security and the measures taken to prevent breaches will differ. Key points include an emphasis on training researchers on risks in international collaborations, the need to encourage collaboration with international organizations that are also concerned with research security, and avoiding creating a reputation of racial profiling or using the research security programs to disadvantage anyone based on ethnicity or nationality.

The NASA Proposer's Guide (February 2023) includes similar language to the Wolf Amendment in a footnote of section 2.16, Current and Pending Support. Per the footnote, 'China or Chinese-owned Company' means the People's Republic of China (PRC), any company owned by the PRC, or any company incorporated under the laws of the PRC. Chinese universities and other similar institutions are considered to be incorporated under the laws of the PRC and, therefore, the funding restrictions apply to grants and cooperative agreements that include bilateral participation, collaboration, or coordination with Chinese universities.

Draft standards for research security programs published for comment in February 2023 by OSTP/the NSTC Research Security Subcommittee. The document was superseded by the final standard guidelines published on July 9, 2024. The following are related documents and comments from higher education associations.

February 2023. Outlines advanced monitoring and verification activities of NSF proposals and awards. The guidelines largely serve to provide transparency and identify guardrails NSF has put in place around the use of data analytics to monitor and validate information disclosed (e.g., in biosketches and current and pending support). For example, the activities are not investigative and cannot be incorporated into the merit review process. Sources of information include SCOPUS, Web of Science, and the U.S. Patent and Trademark Office Patent Database.

Research security training developed by institutions and organizations under cooperative agreements funded by NSF in collaboration with the National Institutes of Health (NIH), Department of Energy (DoE), and Department of Defense (DoD), with engagement from the Federal Bureau of Investigation (FBI). The training consists of 4 modules: 1.) What is Research Security?; 2.) Disclosure; 3.) Manage and Mitigate Risk; 4.) International Collaboration.

The NSF Proposal and Award Policies and Procedures Guide (NSF 23-1, January 2023). Post-award Disclosure of Current Support and In-Kind Contribution Information: PAPPG Chapter II.D.2.h(ii).

The National Academies of Sciences, Engineering, and Medicine's National Science, Technology, and Security Roundtable, called for in the Fiscal Year 2020 National Defense Authorization Act, explored issues related to protecting U.S. national and economic security while ensuring the open exchange of ideas and the international talent.

A Government of Canada website (October 2022) that provides guidance and resources for researchers engaging in international research.

September 2022. Requires agencies to implement a due diligence program to assess security risks for SBIR and STTR proposals. Disclosure requirements include information on foreign ties, business relationships, investment, and ownership. [Source: AAU, January 2024].

Requires NIST to consider the needs of IHEs when creating cybersecurity guidance.

OSTP to issue guidance to Federal research agencies to prohibit participation in 'foreign talent recruitment programs' by agency personnel and provide additional clarification to the research community regarding which activities are considered 'foreign talent recruitment programs.' OSTP is also directed to issue guidance clarifying that researchers working on Federally supported research projects must disclose participation in FTRPs in Federal research award proposals. OSTP is further directed to issue guidance for Federal research agencies to prohibit researchers working on agency-funded projects from participating in 'malign foreign talent recruitment programs,' and certify both at the time of proposal and annually that they are not part of a malign foreign talent recruitment program.

Directs NSF to collect annual summaries of foreign financial support from universities. The provision establishes a reporting threshold of $50,000 or more in [cumulative] financial support, including gifts and contracts, received directly or indirectly from a foreign country of concern (China, Russia, North Korea, and Iran at the time the law was enacted), or any other country determined to be a concern by the Secretary of State. This is in addition to the reporting of gifts and contracts from all foreign countries with a cumulative value of $250,000 or more via the Higher Education Act and Department of Education.

Places restrictions on eligibility for NSF R&D funding for institutions that host or support Confucius [or Confucius-like] institutes.