»Research Security

Research security has emerged as a top priority for US institutions receiving sponsored project funds from Federal sponsors. Over the last five years, the U.S. government has increased requirements aimed at securing the products of Federally funded research and development conducted at universities and research institutes. Both National Security Presidential Memo 33 and the CHIPS and Science Act include provisions requiring enhanced research security programs for Federally funded research. 

Research security encompasses national security concerns surrounding research involving certain types of sensitive data, intellectual property, export-controlled information or other risks. Research security at universities is critical to protect public investment in research, prevent the misuse of university-generated research data and technology by malign actors, and to protect the safety and security of employees and students traveling abroad. Research security programs are required by the Federal government to protect against foreign government interference and exploitation at research institutions receiving Federal funds. The Federal government is focused on areas critical to protecting the security of U.S. research, such as the disclosure of conflicts of interest and commitment – including relationships or affiliations with foreign entities – and research support provided by those entities.

Chapman University supports and fosters an open environment for research discoveries and innovation. However, it is important that University researchers understand the need to protect intellectual capital, discourage research misappropriation and ensure responsible stewardship of United States taxpayer dollars invested in research or scholarly activities. The information provided below describes steps the University has taken to comply with  NSPM-33, the CHIPS and Science Act (42 U.S.C. 19232) and other Federal requirements, to ensure threats to national security are rebuffed and potential conflicts of interest and conflicts of commitment are identified, disclosed, and mitigated.

NSPM-33

NSPM-33 (National Security Presidential Memorandum-33) is a Presidential directive that requires all Federal research funding agencies to strengthen and standardize disclosure requirements for Federally funded awards. NSPM-33 also requires oversight and enforcement in the form of administrative actions, as well as civil or criminal penalties. The NSPM-33 Implementation Guidance, released in January 2022, requires any institution receiving over $50 million in federal research funding to establish a Research Security Program touching on four main areas of focus: research security training, cybersecurity, foreign travel security and export control training.

In addition to NSPM-33, the Department of Defense (DoD) has launched CMMC 2.0, a comprehensive framework designed to protect the defense industrial base from increasingly frequent and complex cyberattacks.

 

CHIPS and Science Act

The CHIPS and Science Act includes several key provisions aimed at enhancing research security and protecting the integrity of Federally funded research, including:

  • Research Security Office: Establishment of an Office of Research Security and Policy within the National Science Foundation (NSF) to coordinate research security policy issues.
  • Training and Education: Development of comprehensive training programs for researchers on security best practices and compliance requirements. See NSF trainings available here.
  • Risk Assessments: Implementation of risk assessments for NSF proposals and awards to identify potential security risks.
  • Information Sharing: Creation of a Research Security and Integrity Information Sharing Analysis Organization to help universities and researchers identify and address security threats.
  • Foreign Talent Recruitment: Prohibition of participation in malign foreign talent recruitment programs by Federal research agency personnel.
  • Controlled Information: Development of a plan to manage controlled information and background screening for NSF employees.

 

Executive Order on Transparency Regarding Foreign Infulence at American Universities

This Executive Order enunciates the government’s desire to ensure transparency regarding the presence of foreign funds and influence on research institutions and higher education generally.  The EO covers institutions, versus individuals, and lowers the threshold for reporting of financial transactions from foreign entities, including gifts, grants and other mechanisms.  The EO reinforces a key concept prevalent in research security, transparency, and demonstrates the government’s commitment to disclosure, transparency and clarity expected of grantees and other Federal funding recipients.

 

How will research security program requirements impact Chapman?

While Chapman isn’t a covered institution due to its current level of Federal funding, and therefore doesn’t have an Assurance obligation, it is nonetheless imperative for University researchers to be familiar with, and implement, the basic principles of research security.  The University has already experienced the imposition of these requirements on individual awards through contract terms and conditions, and it is expected that this will occur more frequently as implementation of NSPM-33 and the CHIPS and Science Act continues. Even without an Assurance requirement, Chapman must implement the training mandates inherent to a research security program.

 

More about Research Security


Toggle Section

Research Security Training

As of May 1, 2025, the U.S. Department of Energy (DOE) requires any individual who contributes in a substantive, meaningful way to the development or execution of the scope of work to complete research security training in the 12 months immediately preceding the proposal due date. (Covered Individuals from recipients or subrecipients who are added to an existing award that includes the research security training requirement must complete the training within 30 calendar days of joining.) The National Science Foundation (NSF) training requirement is anticipated to take effect in October 2025. Ultimately all federal funders will soon require annual research security training and likely prior to proposal submission.The training obligation can be fulfilled by taking the NSF/DOE/DOD developed Research Security modules (4 hours).  Individuals should download their completion certificates and send a copy to ORIC for the University record.  For faculty, the university has loaded an abbreviated (1 hour) version of the Research Security course in Canvas; it is available to satisfy the federal training requirements. For more information, including who must complete the training and how to access the training, please contact Jen Donais in Research Integrity & Compliance at donais@chapman.edu

Foreign Travel Security

Chapman supports its faculty, students and staff with resources and guidance related to international travel.  More information can be found here.  Faculty researchers who are subject to research security requirements or are working under a Technology Control Plan to protect export controlled technologies may be asked to report their international travel, personal or professional, to the Research Integrity & Compliance office during the period of their award.

Cybersecurity

NSPM-33 specifies specific cybersecurity controls and additional requirements for cybersecurity awareness training and protection against ransomware. These requirements aim to enhance the security and integrity of Federally funded research while maintaining the openness of the innovation ecosystem. They are implemented to protect Federally funded intellectual property and research results that encompass sensitive or controlled data.

Certain Federal awards may require compliance with the National Institute of Standards and Technology (NIST)

security requirements outlined in NIST 800-171. NIST 800-171 is a subset of security controls derived from a larger set of NIST standards outlined in NIST publication 800-53. This subset of security controls is required when a non-Federal entity is sharing, collecting, processing, storing or transmitting “Controlled Unclassified Information (CUI)” on behalf of a Federal government agency. All research projects governed by a Department of Defense (DoD) contract must be NIST 800-171 compliant as of December 2017.  Chapman may also encounter NIST compliance requirements when conducting research with data owned by a Federal agency.

Export Control

Chapman requires individuals who perform research activities involving export-controlled technologies to complete training. The goal of the training is to ensure individuals understand how to comply with (1) U.S. export control and compliance requirements; and (2) requirements for review of foreign sponsors, collaborators, and partnerships. See the Export Control page for more information.

International Collaboration

Chapman University values the academic principles of free and open exchange of ideas and engaging in academic activities, including research, that contribute to generalizable knowledge for the good of all. We believe in the open dissemination of research and encourage our faculty, students and staff to collaborate with others to advance knowledge. Chapman is committed to providing a welcoming environment to foreign faculty, students and scholars and to upholding academic freedom and research integrity.

The U.S. government’s recent focus on research security does not preclude international collaboration, but instead encourages a knowledge-driven, risk-based approach to deciding when and how to collaborate with others.  The Office of Research and Graduate Education – including experts in Sponsored Program Services and Research Integrity and Compliance – can help to analyze the implications of specific engagements or collaborations in the context of Federal funding.

The Office of Research & Graduate Education is monitoring changes to US government requirements resulting from the recent change in administration at the Federal level. 

Malign Foreign Talent Recruitment Programs (MFTRPs)

It is the Policy of the Chapman University to comply with NSF, NIH, DoD, DoE and any other agencies’ or federal departments’ MFTRP requirements. Therefore, in accordance with the CHIPS and Science Act of 2022, Section 10632 (42 U.S.C. 19232), individuals who are a party to a malign foreign talent recruitment program (MFTRP) shall not serve as senior/key personnel on Federally funded research. For reference, see the list of Foreign Institutions engaging in problematic activity as described in Section 1286 of the John S. McCain National Defense Authorization Act for Fiscal Year 2019, updated annually.  The definition of MFTRP can be found at 42 U.S.C. 19237(4).  Additionally, 42 U.S.C. 19232(a)(1) requires that covered individuals submit a certification stating that they are not a party to a MFTRP at the time of submission, annually after proposal submission, and immediately if at any time participation status changes for the duration of the award.

Disclosure Requirements

Federal sponsoring agencies have been directed through the CHIPS and Science Act to ensure researchers disclose outside activities, other support and additional resources supporting their research. Federal agencies mandate these disclosures to ensure transparency for matters such as conflicts of interest and conflicts of commitment; undisclosed research duplication and/or commitments to research entities other than their U.S. employer; compromises to the merit review system; and unauthorized use of pre-publication data and information. Transparency and disclosure are needed to properly assess risk and are essential for Federal agencies to make sound funding decisions. Undisclosed research duplication and researcher commitments to entities outside their U.S. employer are a threat to securing U.S. Federal research. Failure to properly disclose membership in mechanisms such as foreign talent recruitment programs can have criminal or civil ramifications. In addition, Federally funded recipients could be affected by financial constraints that could undermine their ability to identify and manage conflicts of interests, commitment and affiliation created by researchers’ involvement with such programs.

If you have academic, professional, or institutional appointments or positions with a foreign government or government-connected entity, whether full-time, part-time, or voluntary (including adjunct, visiting, or honorary), where direct monetary or non-monetary reward is involved, these should be disclosed. Additionally, academic, professional, or institutional appointments or positions with a foreign government or government-connected entity, whether full-time, part-time, or voluntary (including adjunct, visiting, or honorary), where no direct monetary or non-monetary reward is involved must also be disclosed. Individuals should be prepared to provide information about the foreign entity, as well as copies of any written agreements or contracts entered into with the foreign entity to the Federal awarding agency, upon request.  Finally, information about visiting scholars should also be disclosed, including the name of the home institution, their visit dates, and sources of funding.

Specific Federal pre-award and post-award disclosure requirements can be found at “NSPM-33 Implementation Guidance Pre- and Post-award Disclosures Relating to the Biographical Sketch and Current and Pending (Other) Support”.

Agency Specific Requirements Related to Research Security

NIH

  • Requires Research Security Training
  • Requires senior/key personnel to certify annually that they are not a party to a MFTRP.

NSF

  • Requires Research Security Training
  • Requires senior/key personnel to certify annually that they are not a party to a MFTRP.

DOE and National Nuclear Security Administration (NNSA)

  • Require disclosure in Current and Pending Support to align with NSMP-33 and NDAA for Fiscal Year 2021 requirements (FAL No. 2022-04) and allow use of SciENcv to provide information. 
  • Require use of persistent digital identifiers (PIDs) (FAL 2024-05)
  • Requires Research Security Training
  • Requires senior/key personnel to certify annually that they are not a party to a MFTRP.
  • Prohibits participation in Foreign Government-Sponsored Talent Recruitment Programs (DOE O 486.1A)

EPA

  • Requires Research Security Training
  • Anticipate EPA will comply with the NSMP-33 and NDAA for Fiscal Year 2021and require senior/key personnel to certify annually that they are not a party to a MFTRP.

NASA

  • Requires Research Security Training
  • Requires senior/key personnel to certify annually that they are not a party to a MFTRP.
  • Requires assurance and representation on China restrictions.  Proposer assurance that they are not a China or a Chinese-owned company, and that the proposer will not participate, collaborate, or coordinate bilaterally with China or any Chinese-owned company, at the prime recipient level or at any subrecipient level, whether the bilateral involvement is funded or performed under a no-exchange of funds arrangement. (Section 1340 of Public Law 112-10 and Section 539 of Public Law 112-55).

DARPA

  • Requires Research Security Training
  • Prohibits senior/key personnel from participating in a MFTRP.

DEVCOM ARL (Army Research Lab)

  • Requires Research Security Training
  • Prohibits senior/key personnel from participating in a MFTRP.

DoD

  • Requires Research Security Training
  • Prohibits senior/key personnel from participating in a MFTRP.

NIST

  • Requires Research Security Training
  • Requires senior/key personnel to certify annually that they are not a party to a MFTRP.

Science Experts Network Curriculum Vitae (SciENcv) & ORCID ID

SciENcv is a researcher profile system for all individuals who apply for, receive, or are associated with research investments from federal agencies.

You will be required to use SciENcv to complete Common Forms (i.e., Biographical Sketch, Current and Pending (Other) Support) to produce digitally certified PDF(s) for use in application submission for some federal agencies.

ORCID is a free, unique, persistent identifier (PID) for individuals to use as they engage in research, scholarship, and innovation activities.

You will be required to enter your ORCID ID in the Persistent Identifier (PID) section of the Common Forms.

Consequences for Violation of Disclosure Requirements

If it is determined that a senior/key person failed to disclose required information, federal agencies may take one or more of the following actions:

  • Reject a proposal;
  • Suspend or terminate an award;
  • Temporarily or permanently discontinue any or all funding for the individual or entity;
  • Preserve an award, but require or otherwise ensure that a senior/key person does not perform work under the award;
  • Suspend or debar recipients as appropriate and consistent with 2 CFR part 180, OMB Guidelines to Agencies on Governmentwide Debarment and Suspension (Nonprocurement) as adopted by Federal Agencies.
  • Refer the failure to disclose to the Agency Office of Inspector General for further investigation or to Federal law enforcement authorities to determine whether any criminal or civil laws were violated;
  • Report the individual or entity in SAM.gov to alert other Federal agencies to the noncompliance;
  • Take one or more of the actions described in 2 CFR 200.339, Remedies for noncompliance; or
  • Take such other actions against the senior/key person or entity as authorized under applicable law or regulations.

References

Department of Defense (DOD) — Academic Research Security (Office of the Under Secretary of Defense for Research & Engineering): This site is a resource for the actions that the Department and the inter-agency are taking to ensure the integrity of fundamental research in academia as well as steps that the academic community has taken. 

Department of Defense (DOD) Research and Engineering: Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education. Memorandum on the policy for Risk-Based Security Reviews of Fundamental Research mandated by section 1286 of the National Defense Authorization Act for FY 2019 and NSPM-33.

Department of Energy (DOE) DOE Current and Pending Support Disclosure Requirements for Financial Assistance (FAL 2022-04): response to NSPM-33.

Director of National Security (ODNI) — National Counterintelligence & Security Center (Office of the Director of National Intelligence): a collection of Research Security reference documents compiled by the National Science Foundation’s (NSF) Office of the Chief of Research Security Strategy and Policy (OCRSSP) regarding best practices in research security for the academic community.

National Aeronautics and Space Administration (NASA) —  Proposers Guide: Section 2.16 (Current and Pending Support) contains specific guidance regarding disclosure of current and pending support with China.

National Institutes of Health (NIH) — Foreign Interference (NIH Central Resource for Grants and Funding Information): Includes  an overview of NIH's  principles, case studies, explanations about U.S. government concerns regarding foreign influence, requirements for disclosure of Other Support, Foreign Components, and Conflicts of Interest.

National Science Foundation (NSF) — Research Security at the National Science Foundation (the NSF Office of the Chief of Research Security Strategy and Policy): Includes a comprehensive overview of Research Security at NSF, including policies, foreign influence and risk mitigation, the benefits of international collaboration, and the Research on Research Security program (RRSP).