Research and Sponsored Programs
Research Security Training
Requirements for Research Security Training
Consistent with Section 10634 of the CHIPS and Science Act of 2022, recipients must now maintain a research security training program for covered individuals. Research security training is currently required by the Department of Energy (effective May 1, 2025), the National Science Foundation (effective October 10, 2025), and the National Institutes of Health (effective January 25, 2026) for all senior/key personnel (covered individual).
It is anticipated that additional federal agencies will implement similar requirements in the near future.
Research Security Training Options
Mandate Information by Agency
Department of Energy
DOE
Per the DOE Financial Assistance Letter dated October 7, 2024, “Covered individuals listed on applications under this funding opportunity are required to certify that they have taken research security training consistent with Section 10634 of the CHIPS and Science Act of 2022. In addition, applicants who receive an award must maintain sufficient records (records must be retained for the time period noted in 2 CFR 200.334 and made available to DOE upon request) of their compliance with this requirement for covered individuals at the applicant/recipient organization and they must extend this requirement to any and all subrecipients.”
“Covered Individual means an individual who (a) contributes in a substantive, meaningful way to the development or execution of the scope of work of a project funded by DOE or proposed for funding by DOE, and (b) is designated as a covered individual by DOE.”
Requirements subject to change by federal legislation without notice.
Department of Energy website
National Science Foundation
NSF
- NSF put a number of measures in place to strengthen research security and integrity for the federal funded research community, including:
- Emphasized compliance with disclosure rules in NSF’s Proposal and Award Policies and Procedures Guide for both NSF staff and the institutions and researchers funded by NSF.
- Required each Institution of Higher Education (IHE) who receives NSF funding to submit a Foreign Financial Disclosure Report (FFDR) through Research.gov.
- Restricts participation in foreign talent recruitment programs.
- Requires annual “Science and Security Training” – to be implemented for NSF recipients in the 2025 PAPPG.
- Established the TRUST (Trusted Research Using Safeguards and Transparency) framework to assist NSF in evaluating potential research security risks during the application process.
Requirements subject to change by federal legislation without notice.
National Science Foundation website
National Institutes of Health
NIH
Effective January 25, 2026, and in alignment with OSTP requirements, NIH will require two-part compliance for both covered institutions and individuals as outlined below:
- Covered institutions will certify to the NIH that the institution has established and operates a research security program. Each research security program must include elements relating to (1) cybersecurity; (2) foreign travel security; (3) research security training; and (4) export control training, as appropriate.
- Covered individuals (each individual identified as a senior/key person) will complete and certify that they have completed the requisite research security training that meets sponsor requirements within 12 months prior to application submission, and annually thereafter.
Individuals who are a current party to an MFTRP are not eligible to serve as a senior/key person on an NIH grant or cooperative agreement.
Individuals certify the above on a proposal-specific basis via Current and Pending Support documents, as well as annually in alignment with RPPR submission. Institutions confirm compliance with the above via AOR signature on proposals.
Requirements subject to change by federal legislation without notice.
National Institutes of Health website