Overview

As a recipient of federal funding, UCSB is required to address the government’s research security program requirements. These requirements were broadly outlined in National Security Presidential Memorandum 33 (NSPM-33) and sections of the CHIPS and Science Act of 2022. In mid-2024 the government released implementation guidelines for federal agencies and key agency-specific requirements are listed below. UCOP's office of Ethics, Compliance, and Audit Services (ECAS) is closely monitoring this issue and has a list of resources on their research security web page.

All “covered individuals” working on a federally-funded research project are required to certify that they are not an active participant of a malign foreign talent recruitment program (MFTRP). The University of California has published a Foreign Talent Program web page, which includes the definition of a MFTRP.  Additional information on foreign talent programs my be found on our Foreign Involvement & International Engagement web page.

Agency-specific Requirements

National Science Foundation (NSF)

The NSF has published a research security web page, which describes policies and actions they have taken. This includes the establishment of their TRUST program, which involves assessing grant proposals for research security risks.

PIs and Key Personnel must certify that their Biographical Sketch and Current & Pending (Other) Support information is current, accurate, and complete. NSF has funded the development of research security training, which will be required annually.

Institutions receiving NSF funding are required to disclose gifts and contracts received from a foreign country of concern, as mandated by the CHIPS and Science Act of 2022.

National Institutes of Health (NIH)

While the NIH has not created a single research security website, it has announced several research security measures and guidance. In addition, NIH has released a Decision Matrix that explains how NIH considers research security risks. Depending on the specific circumstances, NIH may require mitigation measures before a grant is funded.

PIs and Key Personnel are required to disclose all sources of research support, foreign components, and financial conflicts of interest. NIH defines a “foreign component” as the performance of any significant element or segment of the project outside the United States either by the grantee or by a researcher employed by a foreign institution, whether or not grant funds are expended. See NIH’s foreign components web page for more information.

Foreign subaward agreements must contain a provision requiring foreign subrecipients to provide access to copies of all lab notebooks, all data, and all documentation that supports the research outcomes, as described in the progress report. See NIH notice NOT-OD-23-182 for details.

Department of Defense (DoD)

The DoD has published a Decision Matrix that explains how DoD assesses research security risks for fundamental research. DoD recipients involved with international collaborations should familiarize themselves with DoD’s criteria. Association with restricted foreign institutions may require mitigation measures, or in some cases, result in DoD declining to fund a proposal. Individual units within the DoD may have different thresholds for determining research security risks than are described in the decision matrix mentioned above.

Department of Energy (DOE)

In November 2024, the DOE outlined their approach to Research, Technology, and Economic Security (RTES) risk in financial assistance and loan activities. Some awards may require information about foreign nationals working on a project and PIs should be alert for solicitations that include restrictions on foreign national participation. UC policy does not allow for discrimination based on nationality, which may impact awards in which this restriction is enforced.

DOE will also require annual research security training for all covered individuals. DOE will require that this training be completed prior to proposal submission. Once this goes into effect on May 1, 2025, covered individuals will need to complete the training and submit a training certification as part of their Current and Pending Support. Individuals added to a project must certify they have completed the training within 30 days.
 

Research Security Videos

In addition to the mandatory UC training described above, UC Riverside’s Center of Excellence for Risk & Safety training has developed four Research Security related videos, which cover several Research Security topics.

The following four videos can be accessed through the Learning Center by clicking this direct link. Once you start the training, you will be able to select any of the following topics.

Disclosures: Conflicts of Interest & Conflict of Commitments

Conflicts of interest (COI) and Conflict of commitments (COC); what to disclose; how to disclose; foreign talent programs, and resources. (Length: 4 min 35 seconds)

Talent Recruitment Programs

Overview of talent recruitment programs, how to recognize talent recruitment programs, risks, reporting requirements, and resources. (Length: 3 min 50 seconds)

International Collaborations

Basics of export control, restricted party screening, fundamental research exclusion, risks & considerations, and resources. (Length: 3 min 50 seconds)

Also available in eLearning format (Export Controls | Restricted Party Screening)

Data Security

Transfer of materials, ideas, or information; data security, international travel, export control considerations, and resources. (Length: 3 min 20 seconds)

Other Training

The National Science Foundation's Research Security Training website provides four training modules on research security. If you complete any of these training modules, we recommend that you save a copy of the completion certificate.

Ethics and Compliance training

The University of California requires that researchers supported by extramural funding complete the Ethics and Compliance Briefing for Researchers through the UC Learning Center. This training must be completed once every two years. If you are required to complete this training, you should be notified by email. If you do not receive an email and need to be assigned this training, please contact coi@research.ucsb.edu and ask to be added to the “ECBR” training audience.

Cybersecurity training

University faculty and staff are also required to complete Cybersecurity training through the UC Learning Center. You should be notified by email if you are required to complete this training.

Responsible Conduct of Research training

Certain groups of researchers are required to complete training in the responsible and ethical conduct of research. Recent legislation and sponsor policies have added new requirements that both expand who is required to complete this training and the topics that should be covered. Individual researchers will be notified if they are required to complete this training. More information can be found at the Responsible Conduct of Research webpage.

Export Controls

Training in the following topics is available through the UCSB Learning Center (UCSB login required):

• Export Controls
• Restricted Party Screening