Research Security & Undue Foreign Influence
Since August 2018, universities that receive U.S. federal funding for research have seen multiple policy clarifications from federal agencies meant to reduce undue foreign influence in research. These policy clarifications offer guidance on disclosing information about foreign collaboration in federal grant applications and in protecting research.
Foreign influence manifests in several ways, including:
- Violation of the confidential peer review process, for both manuscripts and proposal applications
- Taking intellectual property from the US and filing patents outside the US
- Appointments/affiliations that duplicate US federal funding/effort, such as talent programs, and are not disclosed
In 2022, the Office of Science and Technology Policy (OSTP) issued NSPM-33 Implementation Guidance for coming federal policies on Research Security.
The sections below detail the guidance and current University of Arizona offices, policies, and procedures that handle the functions contained in the guidance. This page will be updated as new federal policies are released.
The National Science and Technology Council (NSTC) has released the draft common Biographical Sketch and Current and Pending (Other) support forms for comment. Comments are due October 31, 2022.
- Announcement
- Federal Register Notice
- Draft Biographical Sketch Form
- Draft Current and Pending (Other) Support form
- NSPM-33 Implementation Guidance Pre- and Post-award Disclosures Relating to the Biographical Sketch and Current and Pending Support
News articles:
- Science Magazine: "NSF hopes big data will finger grantees not reporting foreign support"
The National Security Presidential Memorandum 33 (NSPM-33) is a January 2021 directive from the President that instructs federal agencies to strengthen protections of U.S. Government supported research against foreign influence.
The memorandum requires agencies to strengthen and standardize disclosure requirements and implement requirements for research security programs for institutions who receive more then $50 million in Federal science and engineering support each year.
The Office of Science and Technology Policy (OSTP) issued NSPM-33 Implementation Guidance for Federal Agencies in January 2022. The document includes guidance for the federal agencies across five areas:
- Disclosure Requirements and Standardization
- Digital Persistent Identifiers
- Consequences for Violation of Disclosure Requirements
- Information Sharing
- Research Security Programs
Agencies are expected to work together to provide consistent, coordinated information and requirements to recipients of federal research funds.
Federal agencies are working to provide clarity and harmonization of disclosure requirements and processes. In the NSPM-33 guidance document, "disclosure" refers to items that must be included in proposal application forms, which may or may not intersect with COI/COC requirements.
Agencies are expected to:
- Standardize disclosure requirements as much as possible
- Create standardize forms and formats for biographical sketches and current & pending support forms (drafts expected in September 2022)
- Require that peer reviewers disclose affiliations and positions
- Potentially require that students disclose
- Clarify what is excluded from disclosure requirements
- Require disclosure of participation in foreign programs
- Require disclosure of foreign contracts to research agencies
- Allow "just in time" submission of application information
- Requirement for updating disclosures (when they change) after the award has been made
- Develop processes for correcting incorrect or incomplete disclosures
The NSPM-33 guidance directs federal agencies to implement Digital Persistent Identifiers (DPIs) - also called Persistent Identifiers (PIDs) into their electronic systems and processes for grant and cooperative agreement application and disclosure processes.
You can expect to see a place for a DPI in upcoming versions of proposal application forms, including Biographical Sketches, Current & Pending Support Forms, and Other Support Forms.
The ORCID—Open Researcher and Contributor iD—is the only DPI that meets the NSPM-33 criteria. Federal agencies and research institutions are working to develop ways to reuse data in ORCID records to populate grant application forms. This effort will minimize data re-entry across many proposal functions.
ORCID records can be populated with employment information by your employer, publication information, and grant/funding information, among other things.
- Create and/or Connect your ORCID iD
- One UArizona use of ORCID: Institutional Knowledge Map (KMAP)
These two sections direct the federal agencies to provide guidelines for appropriate consequences and how federal agencies may share information regarding violations or potential violations. Agencies are encouraged to develop documented procedures and timelines for consequences, and processes for researchers to correct disclosures that have past omissions. This section will be updated as more information is released.
- Consequences for violation of disclosure requirements may include criminal, civil, and/or administrative actions, including:
- Rejection of an award application
- Suspension or termination of an award
- Keeping an award but identifying person(s) that may not perform work on it
- Ineligibility for participation in review panels
- Suspension or denial of Title IV funds to the institution
- Agencies may share information about violations or potential violations with other agencies and law enforcement. Agencies are expected to document:
- Circumstances for sharing violation information with other agencies
- Circumstances for sharing potential violation information before a final determination
- How the information will be shared, including with the public, to comply with applicable laws
Next Steps
- Review current sponsor requirements for Biographical Sketches, Current & Pending Support (NSF) and Other Support (NIH) - detailed in sections below
- Create your ORCID, or connect your existing ORCID to the University of Arizona
- Schedule a Research Security briefing for your unit
Research Security Programs
Research institutions receiving Federal support over $50 million per year will be required to certify that they have established and operate a Research Security program.
Research Security programs should include elements of:
- cyber security
- foreign travel security
- insider threat awareness and identification
- export control training
While Federal agencies have not yet released policies for research security programs, the subsections below contain what is known about coming requirements. This section will be updated.
Research organizations will be expected to:
- Satisfy cybersecurity elements of access control, including limiting system and information access, verifying connections, identifying system users, authenticating users, monitoring and controlling organizations information
- Provide cybersecurity awareness training
- Provide protection of scientific data from ransomware and other attack mechanisms
- Identify and report system flaws
- Provide protection from malicious cods
- Perform periodic scans of information system and real-time scans of files from external sources
- Additional NIST requirements will apply for controlled unclassified information (CUI)
Current University of Arizona resources/policies:
- Information Security Awareness & Training Program (requires login)
- ISO Governance Policies (requires login)
- Controlled Unclassified Information (CUI) environments
Research organizations will be expected to:
- Maintain international travel policies for faculty and staff traveling for business, teaching, conference, research, or other sponsored travel that might put a person at risk
- Maintain an organizational record of covered international travel, including an authorization requirement in advance of international travel
- Provide security briefings
- Provide assistance with electronic device security
Current University of Arizona resources/policies:
- Travel Policies
- International Travel Safety and Compliance Policy (Interim)
- International travel registry
- 14.10 Travel Authorization
- Device Security Guidelines for International Travel
Research organizations will be expected to provide research security and insider threat awareness training, both for general knowledge and in the event of a research security incident. Several federal agencies (NSF, NIH, DOD, Dept of Energy) issued a proposal solicitation to develop research security training for the grantee community.
There may be some overlap with existing University of Arizona training, including information security and insider threat awareness.
Research organizations will be expected to require training for relevant personnel on requirements and processes for reviewing foreign sponsors, collaborators and partnerships, and for ensuring compliance with export control requirements and restricted entities lists.
Current University of Arizona resources/policies:
Federal Agency Updates & Reports
The sections below contain agency-specific links to foreign influence and research security topics, instructions, reports, and FAQs.
- April 2022 NSF Pre-award and Post-award Disclosures: Biographical Sketch and Current and Pending Support
- NSF 22-1 Proposal & Award Policies & Procedures Guide (PAPPG)
- Research Performance Progress Report (RPPR) Instructions
- 2019 Dear Colleague Letter: Research Protection
- NSF 23-1 Draft PAPPG (current under consideration) includes:
- Separate certifications by PI (biographical sketch and current & pending support) and Applicant Institution
- Required use of SciENcv for both the biographical sketch and current & pending support forms
- Recommendation that researchers obtain an ORCID iD
- This draft document is not final, and may change before the January 2023 implementation date.
- Protecting U.S. Biomedical Intellectual Innovation
- June 2022 NIH Pre-Award and Post-Award Disclosures Relating to the Biographical Sketch and Other Support
- Other Support and Foreign Component FAQs
- March 2022 Brief Summary of NIH Foreign Influence Cases
- December 2021 NIH Guide Notice on Security and Confidentiality in NIH Peer Review
- July 2019 NIH Guide Notice Reminders of Requirements for FCOI and Foreign Components
- August 2018 Statement on Protecting the Integrity of U.S. Biomedical Research
- October 2019 Letter on Research Security
- March 2019 Memorandum: Protecting Intellectual Property, Controlled Information, Key Personnel & Critical Technologies
- DARPA Risk-Based Measures to Assess Potential Undue Foreign Influence
- DARPA CFIP program
- DARPA Countering Foreign Influence Program (CFIP) FAQs