CHIPS and Science Act sections addressing research security programs, cybersecurity, training, and organizational requirements.
Signed into law in August 2022, the CHIPS and Science Act includes a number of research security provisions. Key sections address research security at DOE, NIST cybersecurity guidance, NSF Office of Research Security and Policy, research security training requirements, information sharing analysis organizations, Confucius Institute restrictions, foreign financial support reporting, and foreign talent recruitment program requirements.
DOE Office of Science to develop and maintain tools and processes to manage and mitigate research security risks such as an S&T risk matrix, informed by threats identified by the Office of Defense National Intelligence (ODNI).
Requires NIST to consider the needs of IHEs when creating cybersecurity guidance.
Requires NIST to offer resources and technical assistance to research intensive universities to help them mitigate cyber risks related to conducting research.
Establishes an Office of Research Security, Strategy, and Policy within NSF.
Establishes a Chief of Research Security position within the NSF Office of the Director to manage the Office of Research Security and Policy.
Directs [NSF] to develop an online resource to inform institutions and researchers of security risks and best practices and explain Foundation research security policies.
Authorizes the NSF OCRSSP, in coordination with the Office of Inspector General (OIG), to conduct risk assessments, including through the use of open-source analysis and analytical tools, of R&D award applications and disclosures to NSF.
Expands the requirement for RCR training to include faculty and other senior personnel on [NSF] awards and expands the scope of such training to include mentoring training and training to raise awareness of research security risks as well as Federal export control, disclosure, and reporting requirements.
Directs [NSF] to establish a research security and integrity information sharing analysis organization to enable the research community to share information, identify research security risks, and implement risk assessment and mitigation best practices and procurement of a non-government organization to run this center. The SECURE Program, including the SECURE Center and SECURE Analytics, were implemented to answer this call.
