Research Security Program
A Research Security Program is required by the federal government to protect against foreign government interference and exploitation at research institutions receiving federal funds. National Security Presidential Memorandum 33 (NSPM-33) is an executive branch directive intended to safeguard the security and integrity of federally funded research. Research security refers to national security concerns surrounding research involving types of sensitive data, intellectual property, export-controlled information and other risks.
Research security is important to protect public investment in research, prevent the misuse of research data and advanced technology generated at universities by malign actors, and to protect the safety and security of employees and students traveling abroad. The federal government is focusing on areas critical to protecting the security of U.S. research such as the disclosure of conflicts of interest and commitment, including relationships or affiliations with foreign entities, and research support provided by those entities. Federal agency partners have indicated that failure to disclose foreign relationships and activities may jeopardize eligibility for future funding. Our federal partners and U.S. research institutions continue to negotiate and clarify what the final NSPM 33 compliance requirements, forms, procedures and training will be. Our current understanding is that the final standards and requirements will be released by the end of the year.
UW–Madison values Open Research and Free Interchange of Information and International Research Collaborations and maintains its commitments to international faculty and student exchanges. UW-Madison strives to provide a welcoming environment to foreign students and scholars and to uphold academic freedom. We believe in the open dissemination of research and encourage our faculty and staff to collaborate with others to advance knowledge.
All of these perspectives help UW–Madison maintain its excellence in cutting-edge research.
Below are the components of the UW-Madison Research Security Program. This is a university-wide interdisciplinary collaborative effort involving research, technology security, export controls and international travel.
The Toolkit is a resource that informs researchers on the university’s research requirements and expectations and serves as a central location on where to contact university experts.
This resource provides information on the precautions that should be taken to maximize security in using and storing data.
Researchers are expected to disclose information about current and pending/other support to project sponsors. Information may be disclosed in a proposal, during the Just-In-Time process, in a progress report, or at any time deemed appropriate by the sponsor. UW–Madison policy puts the onus on the researcher to provide current, accurate, and complete information.
Faculty, staff, and others are required to complete Outside Activity Reports. Outside activities that must be reported include compensation, ownership, leadership, foreign academic appointments, foreign research support, and travel (for researchers with federal grants).
Overarching guidance about what activities or support must be disclosed to which entities and in which documents are illustrated in the UW–Madison Disclosure Matrix.
The Office of Cybersecurity supports the CIO and the campus by leading and managing campus efforts to reduce risk. Strategies include appropriate handling of data, continued diagnostics and good processes and procedures to manage our intellectual property and other sensitive information.
The office helps researchers comply with Controlled Unclassified Information (CUI) requirements. The Office of Cybersecurity and the Office of the Vice Chancellor for Research and Graduate Education created a step-by-step process for researchers to follow. The process outline, forms and Q&As on these pages help users determine if their research is impacted by the CUI requirements and if so, what steps need to be taken.
UW-Madison has enacted or complies with the following policies:
- Cybersecurity Risk Management
- Restricted Data Security Management
- Network Firewall Policy
- Endpoint Management and Security Policy
Cybersecurity offers comprehensive required training for the university.
The Export Control Office works with UW–Madison faculty, researchers, staff and students to ensure compliance with the U.S. Export Control laws and regulations, including the International Traffic in Arms Regulations (ITAR), Export Administration Regulations (EAR) and Foreign Assets Control Regulations (FACR).
UW-Madison has enacted the following policies:
UW-Madison has developed the following training modules:
All faculty, regardless of appointment, all academic staff with 50% or greater appointment, and all individuals listed as participants on human subject protocols or on federal grants are required to fill out an annual Outside Activities Report (OAR) and update whenever new outside activities are undertaken.
UW-Madison has many resources for faculty and staff who are traveling abroad. The International Division’s office of International Safety and Security (ISSD) is available to help you prepare for international travel. The International Safety and Security website offers broad resources and current information about: your destination’s risk environment; tips and best practices for planning safe travel; information about the university’s international health and medical insurance; and UW-Madison’s international travel policy.
DoIT provides guidance and resources for protecting your data and devices when traveling.
- In 2022, established a working group to assess UW-Madison's preparedness for implementation of the Research Security Program
- In 2022, created an Interim Research Security Program Director to serve as the point of contact, manage the Research Security Program, and prepare the annual self-certification.
- In 2023, established a Research Security Team to continue to review NSPM 33 guidance and the March 2023 draft Standards and Requirements
- In July 2023, published the Research Security Program website describing the established policy and training requirements required of the Security Programs Standard Requirement.
The U.S. Government has enacted the following federal directives and legislation regarding disclosures, research security program requirements, and research security training:
- National Security Presidential Memorandum 33 (NSPM 33) and Implementation Guidance
- Released in January 2021 and January 2022
- Requires all federal research funding agencies to standardize disclosure requirements for federally funded awards
- Requires research institutions receiving over $50 million per year in federal research funding to certify that they have implemented a research security program
- CHIPS & Science Act
- Enacted in 2022
- Mandates research security provisions including:
- Annual Research Security Training requirements for Federal research award personnel: page 792, section 10634
- Certification of no involvement in Maligned Foreign Talent Recruitment Programs (MFTRP): page 787, section 10632
- National Defense Authorization Act for Fiscal Year 2021
- JCORE Recommendations:
- Developed in 2021 by The National Science and Technology Council Joint Committee on the Research Environment, Subcommittee on Research Security in coordination with the National Security Council
- Outlines recommended practices and guidance for research institutions to meet the requirements of NSPM-33.
- National Science and Technology Council Disclosure Requirements & Standardization
- National Science Foundation
- National Institutes of Health
- Foreign Interference
- Department of Energy
- Interim COI policy (NOTE: this new policy can be expanded upon in individual RFAs)
- 486.1A Foreign Government Sponsored or Affiliated Activities
- 142.3B Unclassified Foreign National Access Program
- Department of Defense
- Cybersecurity Maturity Model Certification (CMMC) regulations for handling Controlled Unclassified Information (CUI)
Report a Research Security Concern
If you have concerns about any research security or compliance issue, please refer to the following information:
- Contact the Interim Director of the Research Security Program in the Office of the Vice Chancellor of Research and Graduate Education.
- Use the tip line maintained by the Office of Research Compliance in the Office of the Vice Chancellor for Research and Graduate Education (608-890-1273). If anonymity is requested, UW–Madison will strive to maintain it, but it cannot be guaranteed.
- Export Control concerns can be reported with a Compliance Complaint Form.
- HIPAA – Incident Reporting
- Federal Government
Foreign Government Talent Recruitment Programs
Representative List of Foreign Government Talent Recruitment Programs: This is not an exhaustive list but represents those that are currently identified.
For questions please contact the Export Control Office
- Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education, Department of Defense, June 2023.
- Recommended Practices for Strengthening the Security and Integrity of America’s Science and Technology Research Enterprise, Joint Committee on the Research Environment, National Science and Technology Council, January 2021.
- Chinese Talent Program Tracker, Center for Security and Emerging Technology, Georgetown University, November 2020.
- Foreign Government-Sponsored Talent Recruitment Plans, such as China’s Talent Plans, Incentivize Economic Espionage and Theft of Trade Secrets, Federal Bureau of Investigation, July 2020.
- Threats to the U.S. Research Enterprise: China’s Talent Recruitment Plans, US Senate, Homeland Security and Governmental Affairs Permanent Subcommittee on Investigations, November 2019.