Research security is technology protection in action. It serves as a localized first line of defense employing balanced risk management protocols that safeguard science and innovation by mitigating foreign threats to critical and emerging technologies and the underlying scientific research ecosystem.
Research security protects the means, know-how and products of research until they are ready to be shared. It facilitates open science and international collaboration while protecting national security and economic security interests.
NIST’s mission is to promote U.S. innovation and industrial competitiveness by advancing measurement science, standards, and technology in ways that enhance economic security and improve our quality of life. NIST engages in and funds research that improves U.S. economic competitiveness and the security of the domestic microelectronics supply chain, but also ensures that research is protected from foreign competitors.
Unfortunately, competitor nations have aggressively sought to acquire, through licit or illicit means, U.S. intellectual property (IP), including from federal, academic and industry scientific research-focused organizations. Within this environment, NIST and its grantees must protect federally funded research products and the economic and national security advantages they provide to the United States, just as companies would protect their competitive advantage.
Congress and the Administration have taken several actions to guard federally funded research and IP. For instance, National Security Policy Memorandum 33 (NSPM-33) and its subsequent Implementation Guidance require certain Federal funding recipients to establish research security programs. In response, NIST’s approach to research security seeks to balance the benefits of an open scientific research ecosystem and of international collaboration with the need to protect critical technology and IP.
NSPM-33 requires that organizations receiving more than $50 million in federal R&D funding establish their own research security programs, which must address cybersecurity, foreign travel security, research security training and, as appropriate, export control and compliance. Federal funding agencies may establish additional requirements for these programs, including to address risks to critical and emerging technologies.
In August 2023, NIST published Safeguarding International Science: Research Security Framework (NIST IR 8484) to help provide guidance on establishing a successful research security program.
Several organizations have compiled additional guidance on addressing research security, including the National Counterintelligence and Security Center’s collection of resources on Safeguarding Science, the National Science and Technology Council’s Guidance for Implementing NSPM-33, the Association of American Universities’ Science and Security Resource Document, and the National Science Foundation’s research training modules.
At present, NIST does not require applicants to demonstrate the existence of a research security program in order to apply for or receive funding. However, applicants must provide a written plan (i.e., a research security plan) describing internal processes or procedures for addressing foreign talent recruitment programs, conflicts of commitment, conflicts of interest, research security training, and research integrity, as applicable.
During the review of the application, the NIST Research Security and Safeguarding International Science Team will use NIST IR 8484 as the basis for reviewing and assessing research security risks.
In conducting its assessment, NIST will consider factors such as the type of research to be conducted (e.g., fundamental vs. proprietary research), potential dual use applications (e.g., military and civilian), and the benefits of the research collaboration.
NIST will also review available information (e.g., the Current and Pending Support Forms and resumes or CVs) to assess whether the applicant or any covered individuals are subject to any undue foreign influence or interference by foreign strategic competitors or governments of countries that have a history of IP theft, research misconduct, or targeting U.S. technology for unauthorized transfer.
If the NIST Research Security and Safeguarding International Science Team issues a risk determination that an application presents a high risk, NIST may provide the applicant, at its sole discretion, an opportunity to mitigate the assessed risk prior to making a final funding determination on the application.
This research security assessment will occur separate from the CHIPS R&D evaluation based on the evaluation criteria defined within the funding opportunity.
The term “covered individual” is defined as “an individual (A) who contributes to a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a federal research agency; and (B) is designated as a covered individual by the Federal research agency concerned.”
Covered individuals include principal investigator, co-investigators, and associate investigators and any individual listed as “key personnel” or as a “Senior/Key Person” or for whom a resume or CV is provided. Personnel who participate only through isolated tasks that are incidental to the research (for example, setting up equipment or performing administrative functions), and those individuals who support research by executing discrete tasks as directed are not covered individuals. Consistent with guidance for implementing NSPM-33, disclosures from broader classes of individuals (e.g., certain graduate students and undergraduate students) will generally be unnecessary, except when the activities of such an individual in a specific proposal rise to the level of meeting the definition of a “covered individual” under 42 U.S.C. § 6605(d)(1).
Complete definitions of foreign entity of concern and foreign country of concern are found at 15 CFR part 231.104.
In general, restrictions on foreign entities of concern would not alone prevent an individual lawfully present in the United States from participating in NIST-funded research. However, such individuals are subject to an individualized research security assessment. Prospective applicants and subcontractors are encouraged to contact the NIST Research Security and Safeguarding International Science Team (researchsecurity [at] nist.gov (researchsecurity[at]nist[dot]gov)) for guidance on specific potential scenarios.
As established by National Security Decision Directive (NSDD) 189:
‘Fundamental research’ means basic and applied research in science and engineering, the results of which ordinarily are published and shared broadly within the scientific community, as distinguished from proprietary research and from industrial development, design, production, and product utilization, the results of which ordinarily are restricted for proprietary or national security reasons.