Jeanette McMillian, the Assistant Director for NCSC's Supply Chain and Cyber Directorate, recently sat down with Mr. John P. Leonard, the Deputy Executive Assistant Commissioner for the Office of Trade at U.S. Customs and Border Protection (CBP), for a podcast interview.

The discussion focused on supply chain security from CBP’s perspective, highlighting some of the issues CBP sees at the intersection of trade security and supply chain security, including the rise of ecommerce, cyber security incidents, intellectual property rights enforcement, and trade relations with our number one trading partner, China.

•  Check out the podcast interview, click here
•  For a transcript of the interview, click here
•  For Mr. John P. Leonard biography, click here

Guest Speaker

Mr. John P. Leonard is the Deputy Executive Assistant Commissioner (DEAC) of Office of Trade, U.S. Customs and Border Protection (CBP). Mr. Leonard oversees a diverse portfolio of trade enforcement, security, and facilitation to enable legitimate trade, contribute to American economic prosperity, and protect against risks to public health and safety. His work ranges from enforcing over 500 U.S. trade laws, to overseeing 14 trade agreements, to directing CBP’s seven Priority Trade Issues in collaboration with 49 partner government agencies.

Research Security

In July 2024, the White House Office of Science and Technology Policy (OSTP) issued a memorandum on Guidelines for Research Security Programs at Covered Institutions, which outlines guidelines which require that participants in the U.S. R&D enterprise receiving federal science and engineering support “in excess of $50 million per year” certify to the funding agency that the institution has established and operates a research security program, including research security training as required by the CHIPS and Science Act, to address their unique needs, challenges, and risk profiles.  These guidelines address risks posed by strategic competitors to the U.S. research and development (R&D) enterprise by implementing several measures to improve research security while preserving the openness that has long enabled U.S. R&D leadership throughout the world and without exacerbating xenophobia, prejudice, or discrimination.

In February 2024, the White House Office of Science and Technology Policy (OSTP) issued a memorandum on Policy Regarding Use of Common Disclosure Forms, which outlines guidelines on the use of common disclosure forms for federal agencies to use when evaluating proposals. These will help the government identify conflicts of commitment and potential duplication with the work of foreign governments. OSTP also released Guidelines for Federal Research Agencies Regarding Foreign Talent Recruitment Programs. This guidance provides a definition of foreign talent recruitment programs, guidelines for federal employees regarding foreign talent recruitment programs, and guidelines for individuals involved in malign foreign talent recruitment programs in federal projects.

In August 2023, the National Institute of Standards and Technology (NIST) released the "Safeguarding International Science Research Security Framework," which is designed to enable organizations to implement a mission-focused, integrated, risk-balanced program through the application of research security principles and best practices that fosters the safeguarding of international science while mitigating risks to the integrity of the open collaborative environment. This NIST Framework is a living document and will continue to be updated and improved as its users provide feedback on implementation of review procedures or to address new or emerging risks. This will ensure it is meeting the needs of Research Security practitioners in a dynamic and challenging environment of new threats, risks, and creative solutions.

The National Science Foundation is committed to maintaining the integrity of international scientific collaborations. They have developed resources to enhance research security practices that are reliable and adaptive to emerging and evolving threats. You can find these resources below and visit the NSF Research Security site for more information.

Quick Reference

   Introduction

1. Research Security Background Documents
2. Research Security Actions and Practices
3. White House Documents
4. Documents on Disclosure Requirements and Standardization
5. Documents on Digital Persistent Identifiers (DPIs)
6. Documents on Research Security Programs
7. Risk Assessment and Mitigation
8. Value of Principled International Collaboration
9. Research Security Guidance from International Entities
10. Research Security Guidance from Associations and Societies 

Introduction

Below is a collection of documents for reference collected by the National Science Foundation’s (NSF) Office of the Chief of Research Security Strategy and Policy (OCRSSP) regarding best practices in research security for the academic community. As stated by the NSPM-33 Implementation Guidance, research security is defined as “safeguarding the research enterprise against the misappropriation of research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.” 

This research security toolkit is intended to serve as a resource for the academic community to understand initiatives currently underway and rationale for published guidance. Beginning with documents intended to outline key emerging concerns in the fundamental research security ecosystem (see Section I and Section II) and documents published by the White House (see Section III), resources are then categorized into seven groups: resources related to disclosure requirements and standardization (see Section IV); digital persistent identifiers (DPIs) (see Section V); research security programs (see Section VI); risk assessment and mitigation (see Section VII); the value of principled collaboration (see Section VIII); research security guidance from international entities (see Section IX); and research security guidance from associations and societies (see Section X).

I. Research Security Background Documents

1. NSDD-189 – National Security Decision Directive 189 (NSDD-189) (Established in 1985, reaffirmed in 2001 and 2010)
   Directive
   Short Description: NSDD-189 remains a cornerstone of the fundamental research enterprise, making a clear distinction between fundamental and classified research and stating that products of fundamental research should remain “remain unrestricted” to the “maximum extent possible.”
2. JASON/NSF – JASON Report on Fundamental Research Security (Dec 2019)
   Full Report
   Short Description: “NSF has charged JASON to produce an unclassified report that can be widely disseminated and discussed in the academic community, providing technical or other data about specific security concerns in a classified appendix.” Of the 6 questions NSF charged JASON to answer relevant to openness in fundamental research, principles of scientific openness, areas of fundamental research necessitating more control, controls on information, and best practices researchers can put in place, this report details “the results from the ensuing inquiry, discussions, and debates engaged with NSF, senior university administrators, the intelligence community, law enforcement, and others.”
   NSF Response to JASON Report
   Short Description: This document includes NSF’s response to JASON’s nine recommendations on fundamental science and security.
3. NSF – Research Security Website
   Website
   Short Description: The NSF Research Security website includes updates on research security activities being conducted by the Office of the CRSSP, summaries of issues relevant to foreign interference and risk mitigation, and additional resources for reference.
4. NSF – Webpage on NSTC Research Security Subcommittee, NSPM-33 Implementation Guidance Disclosure Requirements & Standardization
   Website
   Short Description: “The National Science and Technology Council (NSTC) Research Security Subcommittee has worked to develop consistent disclosure requirements for use by senior personnel, as well as to develop proposed common disclosure forms for the Biographical Sketch and Current and Pending (Other) Support sections of an application for Federal research and development (R&D) grants or cooperative agreements. NSF has agreed to serve as steward for these common forms as well as for posting and maintenance of the table entitled, NSPM-33 Implementation Guidance Pre- and Post-award Disclosures Relating to the Biographical Sketch and Current and Pending (Other) Support.” This website provides up-to-date information on disclosure requirements.
5. COGR – Matrix of Science & Security Laws, Regulations, and Policies (Sep 2022)
   Webpage with Matrix
   Short Description: “COGR has developed a comprehensive chart that summarizes and compares federal laws, regulations, and policies in the area of science and security. The chart is divided into three separate tabs that cover (a) major federal-wide legislation or policy (e.g., National Presidential Security Memorandum 33, CHIPS and Science Act of 2022); (b) agency disclosure requirements for researchers and research institutions; and (c) agency conflict of interest policies. The chart will be updated as new laws, policy and guidance are published."

Back to top of page

II. Research Security Actions and Practices

1. NSF – Former NSF Director Dr. France A. Córdova’s Dear Colleague Letter to the Academic Community (Jul 2019)
   Letter
   Short Description:Short Description: This Dear Colleague Letter, addressed to the academic community, identifies emerging risks to the nation’s science and engineering enterprise and identifies actions NSF is undertaking to uphold the values of “openness, transparency, and reciprocal collaboration.”
2. NSTC – Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise (Jan 2021)
   Document
   Short Description:“This document was developed by the Subcommittee on Research Security, in coordination with the National Security Council staff, and was reviewed by JCORE [the Joint Committee on the Research Environment]. The document outlines recommended guidelines for organizations that conduct research.”
3. American Council on Education (ACE) – Letter to ACE Member Presidents and Chancellors Regarding Growing Concerns about Foreign Influence/Interference (May 2019)
   Letter
   Short Description: This letter to ACE member Presidents and Chancellors highlights growing concerns regarding foreign influence and foreign interference in the U.S. research environment. In addition to citing steps federal entities are taking to secure the fundamental research environment, the letter offers suggestions and actions institutions can take to further enhance the security of their international partnerships.

III. White House Documents

1. National Security Presidential Memorandum on United States Government-Supported Research and Development National Security Policy 33 (NSPM-33) (Jan 2021)
   Memorandum
   Short Description: “This memorandum directs action to strengthen protections of United States Government-supported Research and Development (R&D) against foreign government interference and exploitation. The United States Government provides significant support to R&D across a broad spectrum of research institutions and programs conducted both within and outside of the United States and its territories. This R&D, including both basic and applied research, is a key contributor to American science and technology (S&T) innovation and is essential to United States economic and national security.”
2. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
   Implementation Guidance
   Short Description: “The purpose of this document is to provide guidance to Federal departments and agencies regarding their implementation of National Security Presidential Memorandum 33 on National Security Strategy for U.S. Government-Supported Research and Development.”

Back to top of page

IV. Documents on Disclosure Requirements and Standardization

1. Government Accountability Office (GAO) – Federal Research: Agencies Need to Enhance Policies to Address Foreign Influence (Dec 2020)
   Report
   Short Description: “GAO was asked to review federal agency and university COI policies and disclosure requirements. In this report, GAO examines (1) COI policies and disclosure requirements at selected agencies and universities that address potential foreign threats, (2) mechanisms to monitor and enforce policies and requirements, and (3) the views of selected stakeholders on how to better address foreign threats to federally funded research. GAO reviewed laws, regulations, federal guidance, and agency and university COI policies and requirements. GAO also interviewed agency officials, university officials, and researchers.” See full report for information relevant to disclosure requirements and standardization.
2. NSPM-33 (Jan 2021)
   Memorandum
   Short Description: For information relevant to disclosure requirements and standardization, see Section 4.
3. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
   Document
   Short Description: For information relevant to disclosure requirements and standardization, see pp. 2-7.
4. NSF – NSF Proposal and Award Policies and Procedures Guide (PAPPG) (NSF 22-1) (Oct 2021)
   Document
   Short Description: “The PAPPG is comprised of information relating to NSF’s proposal and award process for the assistance programs of NSF.” The PAPPG is designed to set forth NSF’s proposal preparation and submission guidelines, as well as set forth NSF policies and procedures regarding the award, administration, and monitoring of grants and cooperative agreements. For information relevant to disclosure requirements and standardization, see Chapters II.C.1.e, II.C.2.f, and II.C.2.h.
5. NSF – Draft Common Disclosure Forms for the Biographical Sketch and Current and Pending (Other) Support
   Federal Register Notice
   NSF Website
   Short Description: “NSF, on behalf of the National Science and Technology Council's (NSTC) Research Security Subcommittee, is soliciting public comment on common disclosure forms for the Biographical Sketch and Current and Pending (Other) Support sections of a research application. An excel spreadsheet that summarizes all of the data elements that will be collected in both the Biographical Sketch and Current and Pending (Other) Support, as well as their associated attributes, also is included for public comment.” All comments must be received by October 31, 2022, to be assured consideration. For updated information relevant to disclosure requirements and standardization, visit the NSF website.
6. National Institutes of Health (NIH) – Requirements for Disclosure of other Support, Foreign Components, and Conflicts of Interest
   Website
   Short Description: “Full transparency in NIH applications and throughout the life of an NIH grant is critical. NIH requires the disclosure of all sources of research support, foreign components, and financial conflicts of interest for senior/key personnel on research applications and awards. NIH uses this information when making its funding decisions to determine if the research being proposed is receiving other sources of funding that could be duplicative, has the necessary time allocation, or if financial interests may affect objectivity in the conduct of the research.” This webpage provides information on applicant and recipient institution responsibilities, a chart on disclosure requirements, and details NIH’s responsibilities in the grant award process. For information relevant to disclosure requirements and standardization, see full webpage.
7. Department of Energy (DOE) – PF 2022-32 Department of Energy Current and Pending Support Disclosure Requirements for Financial Assistance (Jun 2022)
   Website
   Financial Assistance Letter
   Short Description: “Information and guidance regarding the Department of Energy’s (DOE’s) implementation of National Security Presidential Memorandum 33 (NSPM-33) on National Security Strategy for United States Government-Supported Research and Development, issued January 2022 is provided by the attached Financial Assistance Letter.” For information relevant to disclosure requirements and standardization, see the Financial Assistance Letter

V. Documents on Digital Persistent Identifiers (DPIs)

1. NSPM-33 (Jan 2021)
   Memorandum
   Short Description: For information relevant to DPIs, see Section 4.
2. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
   Implementation Guidance
   Short Description: For information relevant to DPIs, see pp. 8-10.
3. COGR – Summary of NSTC Guidance for Implementing NSPM-33: Provisions Regarding DPIs, Consequences, Information Sharing and Research Programs (Jan 2022)
   Summary
   Short Description: “This summary highlights key points of the NSPM-33 Guidance that address the other topics covered by the document: DPIs, consequences, information sharing, and research security programs.” For information relevant to DPIs, see pp. 1-2.

Back to top of page

VI. Documents on Research Security Programs

1. NSPM-33 (Jan 2021)
   Memorandum
   Short Description: For information relevant to research security programs, see Section 4.
2. NSTC – NSPM-33 Implementation Guidance (Jan 2022)
   Implementation Guidance
   Short Description: For information relevant to research security programs, see pp. 18-21.
3. GAO – Federal Research: Agencies Need to Enhance Policies to Address Foreign Influence (Dec 2020)
   Report
   Short Description: For information relevant to research security programs, see pp. 25-26.
4. COGR – Summary of NSTC Guidance for Implementing NSPM-33: Provisions Regarding DPIs, Consequences, Information Sharing and Research Programs (Jan 2022)
   Summary
   Short Description: For information relevant to research security programs, see pp. 5-6, 8-9.

Back to top of page

VII. Risk Assessment and Mitigation

1. NSF/JASON – JASON Report on Fundamental Research Security (Dec 2019)
   Full Report
   Short Description: See full report for information relevant to risk assessment and mitigation. See Section 7.3 for samples of questions that may be used for risk assessment.
2. NSF – Research Security Website
   Website
   Short Description: For information relevant to risk assessment and mitigation, see section on “Foreign Interference and Risk Mitigation.”
3. NSTC – Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise (Jan 2021)
   Document
   Short Description: For information relevant to risk assessment and mitigation, see pp. 14-15, items 18-21.
4. ACE – Letter to ACE Member Presidents and Chancellors Regarding Growing Concerns about Foreign Influence/Interference (May 2019)
5. Letter
   Short Description: For information relevant to risk assessment and mitigation, see pp. 4-7.
6. ACE – Letter to ACE Member Presidents Hosting Confucius Institutes (Jul 2018)
   Letter
   Short Description: This letter to ACE member presidents of institutions with Confucius Institutes provides recommendations on how to proactively assess the security of these specific programs, increase transparency, and enhance the security of research with national and economic security implications.

Back to top of page

VIII. Value of Principled International Collaboration

1. American Academy of Arts and Sciences (AAAS) – America and the International Future of Science, Challenges for International Scientific Partnerships Initiative (Dec 2020)
   Report
   Short Description: “This report takes a broad view of international scientific partnerships, on all scales and levels of formality, and identifies elements that are integral to successful collaboration.” For information relevant to principled international collaboration, see pp. 33-35.

Back to top of page

IX. Research Security Guidance from International Entities

1. Australia – “Guidelines to Counter Foreign Interference in the Australian University Sector”, University Foreign Interference Taskforce (Nov 2019, modified in Nov 2021)
   Guidelines
   Short Description: “These Guidelines support universities to develop new or examine existing tools, frameworks and resources to use for assessing and mitigating risks from foreign interference, proportionate to risk. They also promote greater consistency across the sector. They offer principle-based and specific advice to universities on how to manage risk in their institution. The advice recognises that risk is not uniform across the sector, and universities may implement additional or existing leading-practice mitigation actions proportionate to their own risks of foreign interference. Universities are encouraged to consider whether the Guidelines can be applied to transnational education business models or offshore campuses, where appropriate.”
2. Australia – Australian Strategic Policy Institute, China Defence Universities Tracker (launched Nov 2019, updated May 2021)
   Tracker
   Report
   Short Description: “The China Defence Universities Tracker is a database of Chinese institutions engaged in military or security-related science and technology research. The updated Tracker – and accompanying report – continue to be a tool that enables universities, governments, the business community and scholars to conduct due diligence as they engage with entities from China…the Tracker should be used to inform due diligence of Chinese institutions, however, the fact that an institution is not included here does not indicate that it should not raise risks or is not involved in defence research. Similarly, entries in the database may not reflect the full range and nature of an institution’s defence and security links.”
3. Canada – Safeguarding Your Research Website
   Website
   Short Description: This website provides researchers guidance on how to safeguard their research and innovation, covering topics such as 1) why researchers should safeguard research, 2) who they are at risk from, 3) what risks exist, 4) steps that can be taken to protect research, and more.
4. Denmark – “Guidelines for International Research and Innovation Cooperation” (May 2022)
   Guidelines
   Short Description: “These guidelines have been prepared by the Committee on guidelines for international research and innovation cooperation…[and are intended to] help Danish institutions achieve a balanced approach to international cooperation on research and innovation, aiming to reduce ethical, financial and security risks and to protect their own long-term interests within such cooperation.”
5. Global Research Council – Statement of Principles and Practices for Research Ethics, Integrity, and Culture in the Context of Rapid-Results Research (May 2022)
   Statement
   Short Description: “This Statement outlines eight principles and practices that frame the collective responsibility of funding agencies; researchers; public and private research organizations (both for- and non-profit); and national governments in ensuring the integrity of rapid-results research. This statement addresses all aspects of national and international research enterprises, from ideation to dissemination and commercialization, and has the potential to strengthen research outcomes.”
6. G7 – Common Values and Principles on Research Security and Research Integrity (June 2022)
   Paper
   Short Description: This collaborative paper among G7 members emphasizes “the continuation of a collaborative research system where the importance of all talent – domestic and international – is acknowledged. Openness and security are not contradictory but complementary and mutually reinforcing.” This paper provides the G7’s common vision and principles in research security and integrity; defines important concepts; and describes current activities aimed at addressing existing concerns in the research enterprise.
7. Japan – Policy Directions for Ensuring Research Integrity in Response to New Risks Associated with Increasing Internationalization and Openness of Research Activities (April 2021)
   Document
   Short Description: This document outlines steps the Japanese government is taking “in collaboration with researchers, universities, research institutions, and research funding agencies to support [and] autonomously secure the soundness and fairness of research (research integrity) of researchers, universities, and research institutions.” Efforts discussed include initiatives relevant to disclosure and outreach to organizations.
8. New Zealand – Due Diligence Assessments: For Espionage and Foreign Interference Threats (May 2022)
   Guide
   Short Description: “This guidance outlines potential Foreign Interference risks to New Zealand business, research, and investment. It has practical approaches to due diligence, including identifying and making informed decisions about potential risks.”
9. Organization for Economic Co-operation and Development (OECD) – OECD Report on Integrity and Security in the Global Research Ecosystem (June 2022)
   Report
   Short Description: “This report describes policy initiatives and actions to safeguard national and economic security whilst protecting freedom of inquiry, promoting international research cooperation, and ensuring openness and non-discrimination. It includes examples of actions that are being taken to prevent foreign interference, manage risks, and help ensure trust in science in the future, offering recommendations to help countries develop effective policies to strengthen research security as part of a broader framework of research integrity.”
10. Sweden – Swedish Foundation for International Cooperation in Research and Higher Education (STINT), Responsible Internationalisation: Guidelines for Reflection on International Academic Collaboration (2020)
    Document
    Short Description: “The document is intended to serve as support for reflection and as the basis for discussion of strategic decisions on internationalisation. The purpose is to aid researchers, research directors, department heads, and university administration in assessing collaborations and structuring discussions on how the HEI [higher education institution], department or research group should approach international collaboration.”
11. United Kingdom – Website on Trusted Research
    Website
    Short Description: Trusted Research, “a campaign to raise awareness of the risks to research collaborations which may occur when working with organisations or research partners with links to nations whose democratic and ethical values are different from our own”, aims to support the integrity of the system of international research collaboration. “Advice has been produced in consultation with the research and university community and is designed to help the U.K.’s world-leading research and innovation sector get the most out of international scientific collaboration whilst protecting intellectual property, sensitive research and personal information.” The U.K. Government’s National Technical Authority for Physical and Personnel Protective Security has developed an interactive website that provides guidance and checklists for academia and industry.

Back to top of page

X. Research Security Guidance from Associations and Societies

1. Association of American Medical Colleges (AAMC) – Research Security and Foreign Interference at U.S. Academic Institutions Webpage
   Webpage
   Short Description: “This page provides background information [on research security and foreign interference], the latest updates on relevant federal government policies and activities, and considerations and resources for institutional leadership, administrators, and researchers as they address this issue on their [campuses].”

Back to top of page

Physical Security for Industry & Academia

eLearning Courses

• Workplace Security Awareness
  This course provides guidance to individuals and organizations on how to improve the security in your workplace. Noworkplace—be it an office building, construction site, factory floor, or retail store—is immune from security threats.

Resources

• DSAC Critical Infrastructure Resources
  This site provides valuable information about daily open-source infrastructure reports, the InfraGard Program, and other resources for protecting critical infrastructure.
• CISA Infrastructure Security
  Explore the infrastructure security services CISA offers through this website as well as through the CISA Services Catalog.
• Safeguarding by Building Bridges: Physical and Cybersecurity Collaboration developed by University of North Dakota
  The University of North Dakota (UND) established the Safeguarding UND initiative by effectively integrating traditional physical security and public safety issues with cybersecurity concerns.