Research Security Program
Research Security Office Hours with Michael Scian
General Prelude
As the only public Carnegie Research 1 institution in the city of Chicago, UIC’s mission is exhibited by our commitment to global engagement in research as we recognize the diversity of our international and domestic scholars who contribute to our scholarly and research excellence. To that end, UIC expects scientists and researchers to be open and transparent in their compliance with University and sponsor guidelines, policies, procedures, and regulations. UIC expects scientists and researchers to take reasonable precautions when traveling internationally to protect themselves and the University. To assist our scientists and researchers, UIC has developed a Research Security Program to meet our internal and external compliance requirements.
Presidential Memorandum on United States Government-Supported Research and Development National Security Policy (January 2021) required that “research institutions [] establish and operate research security programs”. A research security program was described to “include elements of cyber security, foreign travel security, insider threat awareness and identification, and, as appropriate, export control training.”
The National Science and Technology Council (January 2022) released a report, “Protecting the Integrity of Government Science”, outlining the need to improve governmental and institutional implementation of policies and procedures related to research misconduct, research integrity, and research security. The Office of Science and Technology Policy (July 2024) released guidance that included information related to the minimum requirements of a research security program. Similar to the Presidential Memorandum, the guidance described the research security program to include (1) cybersecurity, (2) foreign travel security, including an organizational record of covered international travel and a pre-authorization requirement with security briefings and assistance with electronic device security, (3) research security training, (4) export control training, as appropriate, and (5) designation of a research security point of contact (POC).
The Chips and Science Act of 2022 outlined requirements including the development of a National Science Foundation Office of Research Security, definition of and prohibition in participation in malign foreign government talent and recruitment programs, implementation of research security training, and definition of entities of concern.
The National Science Foundation requisitioned JASON to evaluate Research Security, resulting in the March 2023 “Research Program on Research Security” report to clarify the need for Research Security and define this term.
General Information
UIC OVCR has established programs that meet these minimum requirements, but some programs may need to be revised to address additional guidance that may be released. UIC OVCR will continue to work with Technology Solutions to implement and improve aspects of our cybersecurity infrastructure. Some currently optional programs may need to be required in the future due to the federal mandates.
UIC has and continues to:
- Operate annual Research Security and Integrity Training. General procedures for completing the training are available online and as a detailed instruction document.
- Operate a cybersecurity program for the University.
- Operate a cybersecurity training program for all faculty, staff, and students.
- Operate a process of pre-approval of international travel where:
- Travel related to an outside activity is required to be pre-approved under the UI Policy on Conflicts of Commitment and Interest and supporting software, UIC Research.
- Travel related to UI business is required to be pre-approved under the UIC International Travel Safety Policy and UI Travel reimbursement policy 15.1.5 and/or the Illinois Ethics Act.
- Operate an optional international travel training that can be requested from the Office of Research Integrity.
- Provide guidance for traveling internationally for research or with data and electronic devices.
- Operate a program for loaner laptops and loaner mobile phones for international travel.
- Operate an optional in-person research security training that can be requested from the Office of Research Integrity.
- Operate a disclosure and review of outside activities, including foreign government talent and recruitment programs, under the UI Policy on Conflicts of Commitment and Interest.
- Prohibit participation in malign foreign government talent and recruitment programs.
- Operate an Export Controls program including:
- Training through CITI, virtually, or in person through the Office of Research Integrity.
- Vetting international scholars, students, visitors, and others in collaboration the Office of International Services and units.
- Training on disclosure in funding applications in collaboration with the Office of Sponsored Programs.
- Operate with AVCR Richard Gemeinhart as the research security point of contact until a Research Security Officer is named.
The Office of the Vice Chancellor for Research will update the UIC research community as more federal agencies mandate additional processes and procedures related to research security.
UIC “will not engage in discrimination or harassment against any person because of race, color, religion, sex, national origin, ancestry, age, marital status, order of protection status, genetic information, disability, pregnancy, sexual orientation including gender identity, unfavorable discharge from the military or status as a protected veteran and will comply with all federal and state nondiscrimination, equal opportunity and affirmative action laws, orders and regulations.”
Research Security Frequently Asked Questions (FAQ)
What is UIC doing in regard to Research Security?
UIC, the Office of the Vice Chancellor for Research, and the Office of Research Integrity is:
- Offering training in several areas related to research security that can be requested from the Office of Research Integrity.
- Conducting Visual Compliance screening of international outside activities, formerly referred to as non-University activities. Outside activity disclosure and pre-approval process has been through UIC Research since June 28, 2022.
- Conducting risk-based audits of biographical sketches, other support, foreign components, and international activities reporting to federal sponsors.
- Conducting generalized audits of UIC webpages comparing the information with outside activities disclosures through UIC Research.
- Conducting risk-based and randomized auditing of publicly available data, including publication databases and media, comparing the information with outside activities disclosures. Outside activity disclosure and pre-approval process has been through UIC Research since June 28, 2022.
UIC is obligated to conduct appropriate reviews of faculty and staff activities and compliance with funding agency requirements, Federal law and guidance, and University Policies and Procedures.
What are the funding agency Research Security training requirements?
UIC’s research security and integrity training, when completed within the training windows, meets all funding agency research security training requirements. In addition to the training, most federal agencies require senior/key personnel (e.g., PI, MPI, co-PI, Co-I, collaborator, consultant, other significant contributor, project manager, project director) to certify that they have completed training within 1 year prior to applying, complete training annually, and disclose completely and transparently, as described for each agency.
Funding agency research security guidelines, rules, regulations, and policies:
RSIT Training
| Agency | Deadlines | Covered Individuals | Effective Date | Link |
|---|---|---|---|---|
| Department of Agriculture (USDA) | Not more than one year prior to applying for funding | "Applicants" | October 10, 2025 | SM-1078-014 Deviation #: 2026-USDA-0001-F |
| Annually for the duration of the award | ||||
| Department of Defense/War (DOD/DOW) | TBD | Covered Individuals (undefined) | June 8, 2023 | Policy for Risk-Based Security Reviews of Fundamental Research |
| “covered individual”, according the Chips Act of 2022, to means an individual who— (A) contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and (B) is designated as a covered individual by the Federal research agency concerned. | 42 USC 19234 |
|||
| Department of Energy (DOE) | Not more than one year prior to applying for funding | Covered Individual means an individual who (a) contributes in a substantive, meaningful way to the development or execution of the scope of work of a project funded by DOE or proposed for funding by DOE, and (b) is designated as a covered individual by DOE. | May 1, 2025 | FAL 2025-02 |
| new subs within 30 days of initiating the project. | DOE designates as covered individuals any principal investigator (PI); project director (PD); coprincipal investigator (Co-PI); co-project director (Co-PD); project manager; and any individual regardless of title that is functionally performing as a PI, PD, Co-PI, Co-PD, or project manager. Status as a consultant, graduate (master’s or PhD) student, or postdoctoral associate does not automatically disqualify a person from being designated as a “covered individual” if they meet the definition in (a) above. Individuals committing no measurable effort or “as-needed” effort are not automatically exempt from being designated as a covered individual. The prime applicant’s listing of an individual in the “Senior/Key Person” section of an SF-424(R&R) budget serves as an acknowledgement that DOE designates that person as a covered individual. |
|||
| National Aeronatics and Space Administration (NASA) | Not more than one year prior to applying for funding | Training is required for PI's and Co-PI's (regardless of level of effort) and for Co-I's that propose to spend 10% or more of their time in any given year on a NASA-funded award. | August 5, 2026 | GIC 26-02 |
| NASA may designate additional personnel categories as covered individuals on a project-by-project basis which will be explicitly stated in the Notice of Funding Opportunity (NOFO). | ||||
| National Science Foundation (NSF) | Not more than one year prior to applying for funding | Senior/key personnel listed on the application for a research and development award will be required to take the training. | October 10, 2025 | Important Notice No. 149 |
| Senior personnel who later join an existing project will also have one year from the time of joining. | ||||
| National Institutes of Health | Not more than one year prior to applying for funding | Senior/key personnel listed on the application for a research and development award. | October 1, 2025 | NOT-OD-25-133 |
| January 26, 2026 | NOT-OD-26-017 |
What should Colleges, Departments, Centers, and Institutes be doing to improve Research Security?
Colleges, Departments, Centers, and Institutes should:
- Request training related to research security from the Office of Research Integrity.
- Conducting Visual Compliance screening of all new hires, international visitors, collaborators, and institutions, companies, and/or organizations that faculty and staff visit or with whom the faculty and staff collaborate.
- Complete Materials Transfer Agreements (MTAs, under common agreement templates) and Data Use Agreements (FDP DTUAs, under common agreement templates) when transferring materials or data, respectively, to or from the University.
- Review biographical sketches, other support, foreign components, and international activities reporting to sponsors, assuring the accuracy of information as it is reported by the investigator in outside activities disclosures in UIC Research.
- Review publications by faculty and staff, reported through annual evaluations, sponsored program annual reports and final reports, and in public databases, to determine the appointments and affiliations listed and the funding sources cited, comparing the information with funding agency reports and applications.
- Review publications by faculty and staff, reported through annual evaluations, sponsored program annual reports and final reports, and in public databases, to determine if foreign components or international activities have been properly reported to funding agencies and if prior approval was obtained.
- Oversee investigators and staff working on sponsored projects and assuring that proper approval is obtained from the sponsor, when necessary, for non-US persons.
Colleges, Departments, Centers, and Institutes are obligated to conduct appropriate reviews of faculty and staff activities and compliance with funding agency requirements, Federal law and guidance, and University Policies and Procedures. Policies and procedures should be developed and put in place to monitor faculty compliance with foreign influence disclosures at the college, department, center, and institute level.
How are agencies evaluating and mitigating research security risks?
Funding agencies are generally applying their own research security risk matrices or decision matrices to determine what the research security risks and what types of risks require mitigation. Federal research security risk matrices and decision matrices:
Risk Matrices
| Agency | Effective Date | Link |
|---|---|---|
| Department of Agriculture (USDA) | Not defined. | |
| Department of Defense/War (DOD/DOW) | March 9, 2026 | 2026 Department of War (DoW) Component Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions |
| Department of Energy (DOE) | April 1, 2026 | DOE Science & Technology (S&T) Risk Matrix |
| National Aeronatics and Space Administration (NASA) | Not defined. | |
| National Science Foundation (NSF) | June 5, 2024 | Trusted Research Using Safeguards and Transparency (TRUST) |
| National Institutes of Health | August 15, 2024 | NIH Decision Matrix for Assessing Potential Foreign Interference for Covered Individuals or Senior/Key |
What types of penalties are possible for violations of Research Security?
Penalties related to research security will vary based on the alleged violations. The procedures used to adjudicate allegations will depend on the specific alleged violations. Many research security allegations center on alleged violations of the Conflict of Commitment and Interest Policy, HR Policies, and grants policies specific to a given sponsored project. Each policy has outlined actions for violations that range from minor administrative actions for minor infractions to dismissal, as described by the University of Illinois Statues, as the most severe action. Policies and procedures outline mechanisms for the individual to respond to allegations and for allegations and responses to be reviewed by individuals with no conflict of interest.
How can an individual or unit learn more about what is needed to adhere to the research security program?
Individuals are encouraged to discuss questions first with their unit executive officer(s).
Colleges, Departments, Centers and Institutes, can learn about the research security program by requesting an Information Session from the Office of Research Integrity or send an email to ori@uic.edu.
Who can I contact if there are issues related to research security?
If you have any questions related to the research security program, please contact the research security group.
OSTP Quote
| March 2023 | JSR-22-08, JASON. 2023. "Research Program on Research Security"