Issued June 29, 2023 by DoD. The document includes: 1. A Policy on Risk-based Security Reviews of Fundamental Research, 2. A Decision Matrix to Inform Fundamental Research Proposal Mitigation (Amended May 5, 2025), 3. A list of foreign institutions identified as engaging in problematic activity (Part 3, Table 1, Amended June 24, 2025), and 4. A list of foreign talent recruitment programs identified as posing a threat to U.S. national security interests (Part 3, Table 2). The Decision Matrix contains four factors for assessing senior/key personnel disclosures: a. Participation in foreign talent recruitment programs, b. Current or prior funding from foreign countries of concern (FCOCs), c. Filing a patent in an FCOC or on behalf of an FCOC-connected entity without disclosure, and d. Associations or affiliations with organizations on U.S. Entity (trade restriction) and other indicated (U.S. restricted) lists.
Agency Risk Review Processes
Agency-specific processes for reviewing proposals and awards for potential security risks and foreign interference.
A survey issued by COGR in April 2024 documenting research institutions' experiences with DoD's policy for risk-based security reviews of fundamental research.
Frequently asked questions about DARPA's Fundamental Research Risk-Based Security Review Program (FRR-BS), issued May 2024.
Issued on November 26, 2024. DOE's RTES office issued a 'framework to minimize, mitigate, and manage risks while maintaining an open, collaborative, and world-leading scientific enterprise.' The process includes three phases during which RTES will coordinate with program offices. This includes ensuring solicitations include appropriate language on RTES requirements, including assessment of technology risk level; and RTES 'due diligence' reviews before selection for award; and changes that occur during the life of a project that may trigger RTES review. Risk reviews use information disclosed to the agency as well as public and classified sources. Risk factors include ties to malign foreign talent recruitment programs, 'certain foreign funding sources', 'certain concerning behaviors associated with patenting', and ties to foreign entities or foreign collaborators on specified [certain U.S. restricted] lists 'or with specified characteristics.'
RTES presented on research security risk reviews during a COGR meeting in October 2023, noting that much of the agency's portfolio includes critical and emerging technologies. Among the areas noted as potential targets were Advanced batteries, Advanced computing, Advanced engineering materials, Advanced manufacturing, Artificial intelligence/machine learning, Autonomous systems and robotics, Biotechnologies, Quantum information technologies, Next generation renewable energy generation and storage and Semiconductors and microelectronics.
August 2024. Assists agency staff in assessing grant applications and ongoing awards for potential foreign interference. Factors considered include: (1) current or past participation in a malign foreign talent recruitment program, which is prohibited by law, (2) undisclosed current or prior funding from a foreign country of concern (FCOC), or connected entity (currently China, Russia, North Korea, and Iran (higher risk)) or other foreign country (lower risk) and, (3) Indicators of an undisclosed current or past affiliation with an institution or entity located in or connected to a FCOC (higher-risk/mitigation) or foreign country (lower-risk/mitigation). Per the matrix, mitigation is either required, recommended, suggested, or not required based on the timing of the engagement and if accurate and complete disclosure information was provided. Mitigation conditions include: (1) specific award conditions, (2) modification of terms and conditions of award, (3) suspension, termination, or withdrawal of an award, (4) conversion from advance payment to reimbursement, and (5) recovery of funds.
An NIH blog post from August 2024 explaining the new Decision Matrix and clarifying NIH processes for handling allegations of foreign interference.
February 2023. Outlines advanced monitoring and verification activities of NSF proposals and awards. The guidelines largely serve to provide transparency and identify guardrails NSF has put in place around the use of data analytics to monitor and validate information disclosed (e.g., in biosketches and current and pending support). For example, the activities are not investigative and cannot be incorporated into the merit review process. Sources of information include SCOPUS, Web of Science, and the U.S. Patent and Trademark Office Patent Database.
June 2024. NSF initiated a proposal risk review process similar to that of DoD but with some notable differences. NSF's process will focus on critical technologies, beginning with a pilot of quantum technologies proposals in FY25, expanding to other key technologies in phase 2, and scaling up for all key technologies identified in the CHIPS and Science Act in phase 3. NSF will evaluate Three Criteria: 1. Appointments and positions with U.S. proscribed parties (e.g., U.S. BIS Entity List) and currently party to a MFTRP; 2. Non-disclosures of appointments, activities, and financial support; and 3. Potential foreseeable national security applications of the research. NSF will consider only current foreign appointments and affiliations and is not considering co-authorship in risk assessment.
DoD's Basic Research and Research Directorate portal providing access to fundamental research policies, the decision matrix, Section 1286 lists, and research security guidance for defense-funded research.