UCSB is committed to fostering global engagement and an open research environment. Collaborative research advances the University’s mission “to serve society as a center of higher learning, providing long-term societal benefits through transmitting advanced knowledge, discovering new knowledge, and functioning as an active working repository of organized knowledge.” Federal funding agencies support many of these collaborative research efforts and these agencies have been tasked with developing guidelines to ensure transparency and security related to federally-funded research.
Research security program guidance from the White House Office of Science and Technology Policy (OSTP) requires federal funding agencies, and universities that receive over $50M in sponsored research funding in science and engineering, to strengthen protections on U.S. government-sponsored research. As part of this initiative, UCSB is required to maintain a Research Security Program. Researchers supported by federal funds should be familiar with the Research Security Program elements listed in the sections below.
Since requirements vary by federal agency, it is important to review your sponsor’s specific requirements and to ask UCSB’s Office of Research for guidance if you have questions.
Most of the elements of a Research Security Program are not new and existing policies and procedures at UCSB fulfill many of these requirements. As individual federal sponsor requirements are formalized, UCSB will implement procedures to comply with those requirements. Links to primary resources are listed in the section below and researchers should be familiar with each of these elements. Since agency requirements are evolving, this page will be periodically updated.
Please contact the Director of Research Integrity (Barry Rowan – rowan@research.ucsb.edu) if you have Research Security related questions. Do not share sensitive information via email.
Research Security Program Elements
Requirements
Overview
As a recipient of federal funding, UCSB is required to address the government’s research security program requirements. These requirements were broadly outlined in National Security Presidential Memorandum 33 (NSPM-33) and sections of the CHIPS and Science Act of 2022. In mid-2024 the government released implementation guidelines for federal agencies and key agency-specific requirements are listed below. UCOP's office of Ethics, Compliance, and Audit Services (ECAS) is closely monitoring this issue and has a list of resources on their research security web page.
All “covered individuals” working on a federally-funded research project are required to certify that they are not an active participant of a malign foreign talent recruitment program (MFTRP). The University of California has published a Foreign Talent Program web page, which includes the definition of a MFTRP. Additional information on foreign talent programs my be found on our Foreign Involvement & International Engagement web page.
Agency-specific Requirements
National Science Foundation (NSF)
The NSF has published a research security web page, which describes policies and actions they have taken. This includes the establishment of their TRUST program, which involves assessing grant proposals for research security risks.
PIs and Key Personnel must certify that their Biographical Sketch and Current & Pending (Other) Support information is current, accurate, and complete. NSF has funded the development of research security training, which will be required annually.
Institutions receiving NSF funding are required to disclose gifts and contracts received from a foreign country of concern, as mandated by the CHIPS and Science Act of 2022.
National Institutes of Health (NIH)
While the NIH has not created a single research security website, it has announced several research security measures and guidance. In addition, NIH has released a Decision Matrix that explains how NIH considers research security risks. Depending on the specific circumstances, NIH may require mitigation measures before a grant is funded.
PIs and Key Personnel are required to disclose all sources of research support, foreign components, and financial conflicts of interest. NIH defines a “foreign component” as the performance of any significant element or segment of the project outside the United States either by the grantee or by a researcher employed by a foreign institution, whether or not grant funds are expended. See NIH’s foreign components web page for more information.
Foreign subaward agreements must contain a provision requiring foreign subrecipients to provide access to copies of all lab notebooks, all data, and all documentation that supports the research outcomes, as described in the progress report. See NIH notice NOT-OD-23-182 for details.
Department of Defense (DoD)
The DoD has published a Decision Matrix that explains how DoD assesses research security risks for fundamental research. DoD recipients involved with international collaborations should familiarize themselves with DoD’s criteria. Association with restricted foreign institutions may require mitigation measures, or in some cases, result in DoD declining to fund a proposal. Individual units within the DoD may have different thresholds for determining research security risks than are described in the decision matrix mentioned above.
Department of Energy (DOE)
In November 2024, the DOE outlined their approach to Research, Technology, and Economic Security (RTES) risk in financial assistance and loan activities. Some awards may require information about foreign nationals working on a project and PIs should be alert for solicitations that include restrictions on foreign national participation. UC policy does not allow for discrimination based on nationality, which may impact awards in which this restriction is enforced.
DOE will also require annual research security training for all covered individuals. DOE will require that this training be completed prior to proposal submission. Once this goes into effect on May 1, 2025, covered individuals will need to complete the training and submit a training certification as part of their Current and Pending Support. Individuals added to a project must certify they have completed the training within 30 days.
Training
Research Security Training
The annual Research Security at the University of California course takes approximately 30-40 minutes to complete. This course fulfills the training requirements of the CHIPS and Science Act and National Security Presidential Memo-33 for covered individuals applying for federal research funding.
Federal agencies may require completion of this training before proposals are submitted and require individual and institutional certification of completion. Covered individuals are strongly encouraged to proactively complete this training in order to avoid delays in submitting funding applications. Covered individuals who have not already completed the training at the time of proposal submission will be notified to complete the training.
Topics include:
- An overview of Research Security
- Case studies
- International collaboration
- Disclosure
- Information and data security
- Elicitation
- Talent recruitment programs and Malign Foreign Talent Recruitment Programs
- International travel
Other Training
The National Science Foundation's Research Security Training website provides four training modules on research security. If you complete any of these training modules, we recommend that you save a copy of the completion certificate.
Ethics and Compliance training
The University of California requires that researchers supported by extramural funding complete the Ethics and Compliance Briefing for Researchers through the UC Learning Center. This training must be completed once every two years. If you are required to complete this training, you should be notified by email. If you do not receive an email and need to be assigned this training, please contact coi@research.ucsb.edu and ask to be added to the “ECBR” training audience.
Cybersecurity training
University faculty and staff are also required to complete Cybersecurity training through the UC Learning Center. You should be notified by email if you are required to complete this training.
Responsible Conduct of Research training
Certain groups of researchers are required to complete training in the responsible and ethical conduct of research. Recent legislation and sponsor policies have added new requirements that both expand who is required to complete this training and the topics that should be covered. Individual researchers will be notified if they are required to complete this training. More information can be found at the Responsible Conduct of Research webpage.
Export Controls
Training in the following topics is available through the UCSB Learning Center (UCSB login required):