Research Security Program
OSTP Quote
| March 2023 | JSR-22-08, JASON. 2023. "Research Program on Research Security"
General Prelude
As the only public Carnegie Research 1 institution in the city of Chicago, UIC’s mission is exhibited by our commitment to global engagement in research as we recognize the diversity of our international and domestic scholars who contribute to our scholarly and research excellence. To that end, UIC expects scientists and researchers to be open and transparent in their compliance with University and sponsor guidelines, policies, procedures, and regulations. UIC expects scientists and researchers to take reasonable precautions when traveling internationally to protect themselves and the University. To assist our scientists and researchers, UIC has developed a Research Security Program to meet our internal and external compliance requirements.
Presidential Memorandum on United States Government-Supported Research and Development National Security Policy (January 2021) required that “research institutions [] establish and operate research security programs”. A research security program was described to “include elements of cyber security, foreign travel security, insider threat awareness and identification, and, as appropriate, export control training.”
The National Science and Technology Council (January 2022) released a report, “Protecting the Integrity of Government Science”, outlining the need to improve governmental and institutional implementation of policies and procedures related to research misconduct, research integrity, and research security. The Office of Science and Technology Policy (July 2024) released guidance that included information related to the minimum requirements of a research security program. Similar to the Presidential Memorandum, the guidance described the research security program to include (1) cybersecurity, (2) foreign travel security, including an organizational record of covered international travel and a pre-authorization requirement with security briefings and assistance with electronic device security, (3) research security training, (4) export control training, as appropriate, and (5) designation of a research security point of contact (POC).
The Chips and Science Act of 2022 outlined requirements including the development of a National Science Foundation Office of Research Security, definition of and prohibition in participation in malign foreign government talent and recruitment programs, implementation of research security training, and definition of entities of concern.
The National Science Foundation requisitioned JASON to evaluate Research Security, resulting in the March 2023 “Research Program on Research Security” report to clarify the need for Research Security and define this term.
UIC OVCR has established programs that meet these minimum requirements, but some programs may need to be revised to address additional guidance that may be released. UIC OVCR will continue to work with Technology Solutions to implement and improve aspects of our cybersecurity infrastructure. Some currently optional programs may need to be required in the future due to the federal mandates.
UIC has and continues to:
- Operate annual Research Security and Integrity Training. General procedures for completing the training are available online and as a detailed instruction document.
- Operate a cybersecurity program for the University.
- Operate a cybersecurity training program for all faculty, staff, and students.
- Operate a process of pre-approval of international travel where:
- Travel related to an outside activity is required to be pre-approved under the UI Policy on Conflicts of Commitment and Interest and supporting software, UIC Research.
- Travel related to UI business is required to be pre-approved under the UIC International Travel Safety Policy and UI Travel reimbursement policy 15.1.5 and/or the Illinois Ethics Act.
- Operate an optional international travel training that can be requested from the Office of Research Integrity.
- Provide guidance for traveling internationally for research or with data and electronic devices.
- Operate a program for loaner laptops and loaner mobile phones for international travel.
- Operate an optional in-person research security training that can be requested from the Office of Research Integrity.
- Operate a disclosure and review of outside activities, including foreign government talent and recruitment programs, under the UI Policy on Conflicts of Commitment and Interest.
- Prohibit participation in malign foreign government talent and recruitment programs.
- Operate an Export Controls program including:
- Training through CITI, virtually, or in person through the Office of Research Integrity.
- Vetting international scholars, students, visitors, and others in collaboration the Office of International Services and units.
- Training on disclosure in funding applications in collaboration with the Office of Sponsored Programs.
- Operate with AVCR Richard Gemeinhart as the research security point of contact until a Research Security Officer is named.
The Office of the Vice Chancellor for Research will update the UIC research community as more federal agencies mandate additional processes and procedures related to research security.
UIC “will not engage in discrimination or harassment against any person because of race, color, religion, sex, national origin, ancestry, age, marital status, order of protection status, genetic information, disability, pregnancy, sexual orientation including gender identity, unfavorable discharge from the military or status as a protected veteran and will comply with all federal and state nondiscrimination, equal opportunity and affirmative action laws, orders and regulations.”
Research Security Accordion
What is UIC doing in regard to Research Security?
UIC, the Office of the Vice Chancellor for Research, and the Office of Research Integrity is:
- Offering training in several areas related to research security that can be requested from the Office of Research Integrity.
- Conducting Visual Compliance screening of international outside activities, formerly referred to as non-University activities. Outside activity disclosure and pre-approval process has been through UIC Research since June 28, 2022.
- Conducting risk-based audits of biographical sketches, other support, foreign components, and international activities reporting to federal sponsors.
- Conducting generalized audits of UIC webpages comparing the information with outside activities disclosures through UIC Research.
- Conducting risk-based and randomized auditing of publicly available data, including publication databases and media, comparing the information with outside activities disclosures. Outside activity disclosure and pre-approval process has been through UIC Research since June 28, 2022.
UIC is obligated to conduct appropriate reviews of faculty and staff activities and compliance with funding agency requirements, Federal law and guidance, and University Policies and Procedures.
What are the funding agency Research Security training requirements?
UIC’s research security and integrity training, when completed within the training windows, meets all funding agency research security training requirements. In addition to the training, most federal agencies require senior/key personnel (e.g., PI, MPI, co-PI, Co-I, collaborator, consultant, other significant contributor, project manager, project director) to certify that they have completed training within 1 year prior to applying, complete training annually, and disclose completely and transparently, as described for each agency.
Funding agency research security guidelines, rules, regulations, and policies:
- National Institutes of Health: NOT-OD-26-01 (12/2/2025) and NOT-OD-25-033 (2/4/26) required as of January 2026 with leniency through May 2026;
- National Science Foundation: Important Notice No.149 (7/10/25) required as of December 2025;
- Department of Energy: FAL 2025-02 (10/7/24) required as of May 1, 2025
- Department of Education: TBD;
- Department of Defense (War): TBD;
- Department of Agriculture (USDA): America First Memorandum (July 8, 2025) required training as of October 2025; and
- National Aeronautics and Space Administration (NASA): GIC-26-02 will require training in August 2026;
What should Colleges, Departments, Centers, and Institutes be doing to improve Research Security?
Colleges, Departments, Centers, and Institutes should:
- Request training related to research security from the Office of Research Integrity.
- Conducting Visual Compliance screening of all new hires, international visitors, collaborators, and institutions, companies, and/or organizations that faculty and staff visit or with whom the faculty and staff collaborate.
- Complete Materials Transfer Agreements (MTAs, under common agreement templates) and Data Use Agreements (FDP DTUAs, under common agreement templates) when transferring materials or data, respectively, to or from the University.
- Review biographical sketches, other support, foreign components, and international activities reporting to sponsors, assuring the accuracy of information as it is reported by the investigator in outside activities disclosures in UIC Research.
- Review publications by faculty and staff, reported through annual evaluations, sponsored program annual reports and final reports, and in public databases, to determine the appointments and affiliations listed and the funding sources cited, comparing the information with funding agency reports and applications.
- Review publications by faculty and staff, reported through annual evaluations, sponsored program annual reports and final reports, and in public databases, to determine if foreign components or international activities have been properly reported to funding agencies and if prior approval was obtained.
- Oversee investigators and staff working on sponsored projects and assuring that proper approval is obtained from the sponsor, when necessary, for non-US persons.
Colleges, Departments, Centers, and Institutes are obligated to conduct appropriate reviews of faculty and staff activities and compliance with funding agency requirements, Federal law and guidance, and University Policies and Procedures. Policies and procedures should be developed and put in place to monitor faculty compliance with foreign influence disclosures at the college, department, center, and institute level.
What types of penalties are possible for violations of Research Security?
Penalties related to research security will vary based on the alleged violations. The procedures used to adjudicate allegations will depend on the specific alleged violations. Many research security allegations center on alleged violations of the Conflict of Commitment and Interest Policy, HR Policies, and grants policies specific to a given sponsored project. Each policy has outlined actions for violations that range from minor administrative actions for minor infractions to dismissal, as described by the University of Illinois Statues, as the most severe action. Policies and procedures outline mechanisms for the individual to respond to allegations and for allegations and responses to be reviewed by individuals with no conflict of interest.
How can an individual or unit learn more about what is needed to adhere to the research security program?
Individuals are encouraged to discuss questions first with their unit executive officer(s).
Colleges, Departments, Centers and Institutes, can learn about the research security program by requesting an Information Session from the Office of Research Integrity or send an email to ori@uic.edu.
Who can I contact if there are issues related to research security?
If you have any questions related to the research security program, please contact the research security group.