Cover Story

Federal Research Security Draft Released

Posted

The White House Office of Science and Technology Policy (OSTP) requests comments from the public on draft Research Security Programs Standard Requirement developed in response to National Security Presidential Memorandum 33 on National Security Strategy for United States Government-Supported Research and Development (R&D). Interested parties should comment on or before 5 p.m. ET June 5, 2023. [FR Notice ]

National Security Presidential Memorandum 33 directs that, “heads of funding agencies shall require that research institutions receiving Federal science and engineering support in excess of 50 million dollars per year certify to the funding agency that the institution has established and operates a research security program. Institutional research security programs should include elements of cyber security, foreign travel security, insider threat awareness and identification, and, as appropriate, export control training.”

On January 4, 2022, the National Science and Technology Council released Guidance for Implementing National Security Presidential Memorandum 33 (NSPM-33), charging  OSTP with “coordina[ting] activities to protect Federally funded R&D from foreign government interference, and outreach to the United States scientific and academic communities to enhance awareness of risks to research security and Federal Government actions to address these risks.” A similar charge is captured in the National Defense Authorization Act of 2020.

A Draft Standard Requirement has been completed and is available for review at: https://www.whitehouse.gov/wp-content/uploads/2023/02/RS_Programs_Guidance_public_comment.pdf

As a condition for receiving and maintaining Federal science and engineering support, all covered research organizations must certify that they maintain a research security program that meets the requirements for foreign travel security, research security training, cybersecurity, and export control training,

Covered research organizations must maintain a description of the finalized research security program, made available on a publicly-accessible website, with descriptions of each item contained in this Memorandum. CUI information attached to areas such as cybersecurity or export controls need not be made public.

Foreign Travel Security International travel policies must established or maintained for covered individuals (see Definitional Appendix) engaged in federally funded R&D who are traveling internationally for organizational business, teaching, conference attendance, research purposes, or who receive offers of sponsored travel for research or professional purposes.

Research Security Training  must be implemented as a component of research security programs required for qualifying organizations in accordance with NSPM-33

Cybersecurity Implement baseline safeguarding protocols and procedures for information systems used to store, transmit, and conduct federally funded R&D. Cybersecurity standards for research security purposes will be guided by Section 10229 of the CHIPS and Science Act.

Export Control Training Organizations conducting R&D that is subject to export control restrictions must provide training to relevant personnel on requirements and processes for reviewing foreign sponsors, collaborators and partnerships, and for ensuring compliance with Federal export control requirements and restricted entities lists.

Areas subject to Federal export control requirements and restricted entities are defined through the International Traffic in Arms Regulations (ITAR) and Export Administration Regulations (EAR). The training must emphasize that the “fundamental research” exception has explicit limitations. For example, federally funded R&D of “applied” energy technologies (i.e., “applied research”), many with dual-uses (civilian and military), fall outside of any exception and are subject to such laws.

Comments

No comments on this item Please log in to comment by clicking here