The White House Office of Science and Technology Policy (OSTP) issued new guidelines to Federal research agencies this week to improve research security and better protect U.S. research and development (R&D) work from foreign adversaries.
In a July 9 memo, OSTP Director Arati Prabhakar explained that Federal research agencies must now certify that a research institution “has established and operates a research security program.”
The guidelines help Federal research agencies meet a requirement set by the National Security Presidential Memorandum-33 (NSPM33).
“The purpose of the administration’s research security efforts is to make sure that institutions of higher education and other research institutions recognize the altered global landscape and fulfill their responsibilities as the first line of defense against improper or illicit activity,” the memo says.
“It is vital that research security programs increase awareness of research security threats and enable researchers, other participants in the U.S. R&D enterprise, and Federal research agencies to respond appropriately while maintaining openness and ensuring fairness,” it adds.
The memo outlines requirements for research security programs, including that higher education institutions implement a cybersecurity program consistent with the CHIPS and Science Act’s cybersecurity resource.
For research institutions that are not higher education institutions, Federal research agencies will require them to implement a cybersecurity program “consistent with another relevant cybersecurity resource” – such as one maintained by the National Institute of Standards and Technology (NIST).
It also calls on research institutions to implement periodic training on foreign travel security, implement a travel reporting program, and implement a research security training program for all employees.
Finally, it requires research institutions “to certify that the institution requires covered individuals who perform R&D involving export-controlled technologies, to complete training on U.S. export control and compliance requirements.”
Within six months, Federal research agencies will be required to submit to OSTP and the Office of Management and Budget their plans for updating their policies to implement this guidance. OSTP said Federal research agencies must implement updated policies no later than six months after they submit their finalized plans.
However, Federal research agencies will ensure that covered institutions have “adequate time, but not more than 18 months after the effective date of their plans” to implement the memo’s requirements.
