CHIPS and Science Act sections addressing research security programs, cybersecurity, training, and organizational requirements.
Signed into law in August 2022, the CHIPS and Science Act includes a number of research security provisions. Key sections address research security at DOE, NIST cybersecurity guidance, NSF Office of Research Security and Policy, research security training requirements, information sharing analysis organizations, Confucius Institute restrictions, foreign financial support reporting, and foreign talent recruitment program requirements.
DOE Office of Science to develop and maintain tools and processes to manage and mitigate research security risks such as an S&T risk matrix, informed by threats identified by the Office of Defense National Intelligence (ODNI).
Requires NIST to consider the needs of IHEs when creating cybersecurity guidance.
Requires NIST to offer resources and technical assistance to research intensive universities to help them mitigate cyber risks related to conducting research.
Establishes an Office of Research Security, Strategy, and Policy within NSF.
Establishes a Chief of Research Security position within the NSF Office of the Director to manage the Office of Research Security and Policy.
Directs [NSF] to develop an online resource to inform institutions and researchers of security risks and best practices and explain Foundation research security policies.
Authorizes the NSF OCRSSP, in coordination with the Office of Inspector General (OIG), to conduct risk assessments, including through the use of open-source analysis and analytical tools, of R&D award applications and disclosures to NSF.
Expands the requirement for RCR training to include faculty and other senior personnel on [NSF] awards and expands the scope of such training to include mentoring training and training to raise awareness of research security risks as well as Federal export control, disclosure, and reporting requirements.
Directs [NSF] to establish a research security and integrity information sharing analysis organization to enable the research community to share information, identify research security risks, and implement risk assessment and mitigation best practices and procurement of a non-government organization to run this center. The SECURE Program, including the SECURE Center and SECURE Analytics, were implemented to answer this call.
On December 18, 2025, the U.S. House Committee on Science, Space, and Technology's Subcommittee on Investigations and Oversight held a hearing examining the implementation of research security measures under the CHIPS and Science Act and NSPM-33. Witnesses included officials from NSF, NASA, NIH, and DOE.
Grant Information Circular issued by NASA on February 5, 2026 to implement the research security training (RST) and certification requirements mandated by Section 10634 of the CHIPS and Science Act of 2022 for all research grant and cooperative agreement proposals submitted to the agency. Covered individuals (PIs, Co-PIs, and Co-Is proposing 10 percent or more effort) must certify on their Biographical Sketch and Current and Pending (Other) Support forms that they completed RST within the 12 months prior to proposal submission, with applicant entities certifying via NSPIRES. Requirements take effect August 5, 2026, and NASA recognizes the NSF SECURE Center's Consolidated Training Module (CTM) as a compliant option.
