Federal agencies have increased requirements to protect U.S. research from foreign interference. Under National Security Presidential Memorandum 33 (NSPM-33), institutions receiving more than $50 million per year in federal science and engineering support for the previous two fiscal years must operate a research security program.
Research security refers to activities that safeguard “the research enterprise against the misappropriation of research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.”
As specified in NSPM-33 final implementation guidance, a research security program must include:
- A cybersecurity program consistent with the National Institute of Standards and Technology guidance.
- Foreign travel security that includes reporting requirements and periodic training for covered individuals.
- Research security training for covered individuals and UO certification of individuals' completion of such training.
- Export control training for covered individuals who perform research and development involving export-controlled technologies and processes for reviewing foreign sponsors, collaborators, and partnerships.
Federal research agencies may develop additional requirements for research security programs beyond the four elements above.
Element 1: Cybersecurity
The National Institute of Standards and Technology has yet to release its guidance for required NSPM-33 cybersecurity measures.
Some sponsored projects, such as those that contain Controlled Unclassified Information (CUI) or Cybersecurity Maturity Model Certification (CMMC) requirements, already required enhanced cybersecurity. The Export Control Officer and Sponsored Projects Services monitor award terms and conditions to identify these types of projects. Please contact the Export Control Officer if you believe your research project needs additional security measures.
All UO employees must complete annual cybersecurity training starting May 17, 2025. The training covers various aspects of cybersecurity, including recognizing phishing attempts, creating strong passwords, working remotely and in the cloud, and securing personal devices.
Element 2: Foreign Travel Security
All travel requests and reimbursements must be entered into Concur, regardless of whether the trip is domestic or international. Many offices, including the Office of Export Controls, rely on Concur notifications to begin compliance processes on the traveler's behalf.
Required International Travel Processes
Foreign Travel Security Training (Encouraged, Not Yet Required)
This training will soon be required for principal investigators (PIs), co-principal investigators (co-PIs), and senior/key personnel who travel internationally for organization business, teaching, conference attendance, or research purposes regardless of whether the travel will be charged to a sponsored project.
Training Details:
- Required every 6 years
- Must be completed before international travel
- Takes about 1 hour
- Available in MyTrack Learning
Element 3: Research Security Training (Required for All Federally Funded Researchers)
Effective October 1, 2025, principal investigators (PIs), co-principal investigators (co-PIs), and senior/key personnel who apply to or hold federally funded awards must complete annual research security training. Any researcher who contributes in a substantive, meaningful way to the scientific development or execution of the project is considered senior/key personnel and has the training requirement.
Training Details:
- Required annually
- Must be completed before proposal submission and annually during the period of a federal award
- Takes about 1 hour
- Available in MyTrack Learning
Be sure to advance the training module until you see the certificate of completion at the very end. Otherwise, MyTrack may not record the training as complete.
Research Security Training for Subawardees and Contractors (Required)
The subawardee PI, co-PI, and senior/key personnel on federally funded awards must complete research security training, as does any other subaward researcher who contributes in a substantive, meaningful way to the scientific development or execution of the project.
Contractors who contribute in a substantive, meaningful way to the scientific development or execution of the project also need to complete research security training. Some contractors will meet this definition and others won’t.
Training Details:
- Required annually
- Must be completed before proposal submission and annually during the period of a federal award
- Takes about 1 hour
- Available from the SECURE Center
Subawardees and contractors should print and retain the certificate of completion at the end. Subawardees indicate their completion of the training requirement to the UO via the subaward certification form.
Please note that any UO researcher with a Duck ID must complete the research security training via MyTrack Learning. The below link is only for subawardees and contractors.
Training for Subawardees & Contractors
Element 4: Export Control Training (Encouraged, Not Yet Required)
Researchers working with export‑controlled technologies will be required to complete export control training once federal agencies finalize requirements.
The Office of Export Controls and Sponsored Projects Services will monitor award terms and conditions to identify researchers who will have this training requirement.
Training Details:
- Takes about 30 minutes
- Export Compliance Course available in CITI
Download our step-by-step guide for adding the Export Compliance Course. You're also welcome to email us, and we can add it for you. The course will take approximately 30 minutes to complete.
CITI offers instructions on how to affiliate the University of Oregon with your account if you have not already done so. If your account is not associated with the UO, we cannot confirm your required course completion.
Login to CITI with Your Duck ID
Required Disclosures
Most federal sponsors require researchers to submit disclosures via biographical sketches and Current and Pending or Other Support documents as part of their proposals.
- Biographical Sketch: Outlines a researcher’s qualifications for the project
- Current and Pending or Other Support: Lists all research supports and commitments
Researchers may also need to disclose financial interests and outside activities to the UO.
See Details on Required Disclosures
National Security and Research Committee (NSRC)
he NSRC brings together campus stakeholders to monitor regulatory changes, provide guidance, and support compliant research practices. The committee meets quarterly.
Research Security Program Contacts and Report a Research Security Concern
The research security program contact is General Counsel and Assistant Vice President for Research Integrity Jessica Price.
To report a research security concern, click the button below. Then, navigate to "Research" and select "Export Controls."