NSPM-33 and CHIPS and Science Act Implementation Status

National Security Presidential Memorandum 33

National Security Presidential Memorandum 33 (NSPM-33) requires research institutions that receive more than $50 million per year in federal science and engineering support for the previous two fiscal years to operate a research security program.

NSPM-33 interim implementation guidance was released January 2022, and final implementation guidance was released July 2024.

A research security program must include: 

  • A cybersecurity program consistent with the National Institute of Standards and Technology guidance
  • Foreign travel security that includes periodic training for covered individuals and reporting requirements
  • Research security training for covered individuals and an institution's certification of individuals' completion of such training
  • Export control training for covered individuals who perform research and development involving export-controlled technologies and processes for reviewing foreign sponsors, collaborators, and partnerships

Under the final implementation guidance, federal research agencies may develop additional requirements for research security programs beyond the four elements above.

CHIPS and Science Act

The CHIPS and Science Act requires:

  • Researchers on federal research awards to complete annual research security training. (Section 10634)
  • Researchers to certify at the time of proposal submission and annually during the duration of an award that they are not part of a malign foreign talent recruitment program. (Section 10632)
  • Institutions to certify that researchers are aware of the prohibition of participating in malign foreign talent recruitment programs. (Section 10634)