Research Security Hub

Research Security & Undue Foreign Influence  

Since August 2018, universities that receive U.S. federal funding for research have seen multiple policy clarifications from federal agencies meant to reduce undue foreign influence in research. These policy clarifications offer guidance on disclosing information about foreign collaboration in federal grant applications and in protecting research.

Foreign influence manifests in several ways, including:

  • Violation of the confidential peer review process, for both manuscripts and proposal applications
  • Taking intellectual property from the US and filing patents outside the US
  • Appointments/affiliations that duplicate US federal funding/effort, such as talent programs, and are not disclosed

In 2022, the Office of Science and Technology Policy (OSTP) issued NSPM-33 Implementation Guidance for coming federal policies on Research Security.

The sections below detail the guidance and current University of Arizona offices, policies, and procedures that handle the functions contained in the guidance. This page will be updated as new federal policies are released.  

The National Science and Technology Council (NSTC) has released the draft common Biographical Sketch and Current and Pending (Other) support forms for comment. Comments are due October 31, 2022.

News articles: 

The National Security Presidential Memorandum 33 (NSPM-33) is a January 2021 directive from the President that instructs federal agencies to strengthen protections of U.S. Government supported research against foreign influence. 

The memorandum requires agencies to strengthen and standardize disclosure requirements and implement requirements for research security programs for institutions who receive more then $50 million in Federal science and engineering support each year. 

The Office of Science and Technology Policy (OSTP) issued NSPM-33 Implementation Guidance for Federal Agencies in January 2022.  The document includes guidance for the federal agencies across five areas:

  1. Disclosure Requirements and Standardization 
  2. Digital Persistent Identifiers 
  3. Consequences for Violation of Disclosure Requirements 
  4. Information Sharing 
  5. Research Security Programs 

Agencies are expected to work together to provide consistent, coordinated information and requirements to recipients of federal research funds.  

Federal agencies are working to provide clarity and harmonization of disclosure requirements and processes.  In the NSPM-33 guidance document, "disclosure" refers to items that must be included in proposal application forms, which may or may not intersect with COI/COC requirements.  

Agencies are expected to:

  • Standardize disclosure requirements as much as possible
  • Create standardize forms and formats for biographical sketches and current & pending support forms (drafts expected in September 2022)
  • Require that peer reviewers disclose affiliations and positions 
  • Potentially require that students disclose 
  • Clarify what is excluded from disclosure requirements 
  • Require disclosure of participation in foreign programs 
  • Require disclosure of foreign contracts to research agencies 
  • Allow "just in time" submission of application information 
  • Requirement for updating disclosures (when they change) after the award has been made
  • Develop processes for correcting incorrect or incomplete disclosures 

The NSPM-33 guidance directs federal agencies to implement Digital Persistent Identifiers (DPIs) - also called Persistent Identifiers (PIDs) into their electronic systems and processes for grant and cooperative agreement application and disclosure processes.  

You can expect to see a place for a DPI in upcoming versions of proposal application forms, including Biographical Sketches, Current & Pending Support Forms, and Other Support Forms.  

The ORCID—Open Researcher and Contributor iD—is the only DPI that meets the NSPM-33 criteria.  Federal agencies and research institutions are working to develop ways to reuse data in ORCID records to populate grant application forms.  This effort will minimize data re-entry across many proposal functions.  

ORCID records can be populated with employment information by your employer, publication information, and grant/funding information, among other things. 

These two sections direct the federal agencies to provide guidelines for appropriate consequences and how federal agencies may share information regarding violations or potential violations.  Agencies are encouraged to develop documented procedures and timelines for consequences, and processes for researchers to correct disclosures that have past omissions. This section will be updated as more information is released. 

  • Consequences for violation of disclosure requirements may include criminal, civil, and/or administrative actions, including:
    • Rejection of an award application
    • Suspension or termination of an award
    • Keeping an award but identifying person(s) that may not perform work on it 
    • Ineligibility for participation in review panels 
    • Suspension or denial of Title IV funds to the institution 
  • Agencies may share information about violations or potential violations with other agencies and law enforcement. Agencies are expected to document: 
    • Circumstances for sharing violation information with other agencies 
    • Circumstances for sharing potential violation information before a final determination 
    • How the information will be shared, including with the public, to comply with applicable laws

Next Steps

  • Review current sponsor requirements for Biographical Sketches, Current & Pending Support (NSF) and Other Support (NIH) - detailed in sections below
  • Create your ORCID, or connect your existing ORCID to the University of Arizona
  • Schedule a Research Security briefing for your unit

Research Security Programs 

Research institutions receiving Federal support over $50 million per year will be required to certify that they have established and operate a Research Security program.

Research Security programs should include elements of:

  • cyber security
  • foreign travel security
  • insider threat awareness and identification
  • export control training

While Federal agencies have not yet released policies for research security programs, the subsections below contain what is known about coming requirements. This section will be updated.

Research organizations will be expected to:

  • Satisfy cybersecurity elements of access control, including limiting system and information access, verifying connections, identifying system users, authenticating users, monitoring and controlling organizations information 
  • Provide cybersecurity awareness training 
  • Provide protection of scientific data from ransomware and other attack mechanisms 
  • Identify and report system flaws 
  • Provide protection from malicious cods
  • Perform periodic scans of information system and real-time scans of files from external sources 
  • Additional NIST requirements will apply for controlled unclassified information (CUI) 

Current University of Arizona resources/policies:

Research organizations will be expected to: 

  • Maintain international travel policies for faculty and staff traveling for business, teaching, conference, research, or other sponsored travel that might put a person at risk
  • Maintain an organizational record of covered international travel, including an authorization requirement in advance of international travel 
  • Provide security briefings
  • Provide assistance with electronic device security

Current University of Arizona resources/policies: 

 

Research organizations will be expected to provide research security and insider threat awareness training, both for general knowledge and in the event of a research security incident.  Several federal agencies (NSF, NIH, DOD, Dept of Energy) issued a proposal solicitation to develop research security training for the grantee community.  

There may be some overlap with existing University of Arizona training, including information security and insider threat awareness.  

Research organizations will be expected to require training for relevant personnel on requirements and processes for reviewing foreign sponsors, collaborators and partnerships, and for ensuring compliance with export control requirements and restricted entities lists.  

Current University of Arizona resources/policies: 

Federal Agency Updates & Reports 

The sections below contain agency-specific links to foreign influence and research security topics, instructions, reports, and FAQs.

Subscribe to the UArizona Impact in Action newsletter to receive featured stories and event info to connect you with UArizona's research, innovation, entrepreneurial ventures, and societal impacts.

Subscribe now