Research Security Training
Access the training by searching for “Research Security” in MyPath
Certain members of the University’s research community will need to complete Research Security training by May 1, 2025. Learn more about the training program, including why it’s required and who needs to take it.
Topics on this page:
Background
Beginning May 1, 2025, all “Covered Individuals” (e.g. PIs, Co-PIs, project directors, senior/key personnel, and others identified as Covered Individuals by a federal funding agency) listed on Department of Energy (DOE) award applications must certify to DOE that they have completed research security training. Additional Covered Individuals that later join a DOE award proposed on or after May 1, 2025 will also be required to take this training before participating in award activities.
Per federal law (the CHIPS and Science Act of 2022) and regulations (NSPM-33), other federal agencies are in the process of implementing similar Research Security training requirements.
DOE requirements and timeline
To meet Department of Energy (DOE) certification requirements:
- Before May 1, 2025: All PIs and faculty planning to submit applications to DOE on May 1, 2025 must complete Research Security training by May 1, 2025.
- After May 1, 2025: PIs and faculty must have completed Research Security training prior to the date of an application to DOE.
To facilitate compliance, it is strongly recommended that all PIs and faculty currently engaged in DOE-funded research take this training by May 1, 2025.
Access the training by searching for “Research Security” in MyPath
Other federal agency training requirements
Other federal funding agencies are in the process of implementing similar Research Security training requirements that apply to “Covered Individuals” (e.g. PIs, Co-PIs, project directors, senior/key personnel, and others identified as Covered Individuals by a federal funding agency). It is likely that the National Science Foundation will adopt Research Security training requirements as of October 2025, and other funding agencies will follow thereafter. These requirements have not been finalized, and the Office of the Vice President for Research will update the research community as other agencies announce their requirements.
log into mypath
Take the training course
To access the training, search for “Research Security” in MyPath. The course will take approximately 1 hour and 35 minutes to complete.
Frequently asked questions
The CHIPS and Science Act of 2022 (the “CHIPS Act”) requires that federal research agencies establish a requirement that each “Covered Individual” (discussed below) listed on a research application award certify to the agency as part of the application that they have completed research security training. It also requires that the University certify separately to the agency that such Covered Individual(s) have completed the training.
In response to the research security training mandate included CHIPS Act and in NSPM-33, the Office of Science and Technology Policy (OSTP) issued Research Security Program Guidelines (the “Guidelines”) in July 2024. The Guidelines provide the University must have a research security program that includes the following elements:
- Cybersecurity
- Foreign Travel Security
- Research Security Training
- Export Control Training
The Guidelines provide that the University must certify to federal agencies that it has implemented a research security training program for Covered Individuals and must certify to federal agencies that Covered Individuals have completed the training.
The U.S. government has defined “research security” as “safeguarding the research enterprise against behaviors aimed at misappropriating research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.” Collectively, the laws, regulations, and University policies and procedures relating to research security aim to mitigate the threat to the U.S. research enterprise and individual researchers posed by parties who wish to take advantage of the culture of openness and collaboration of the U.S. research ecosystem. Research security training is designed to create awareness of, and protect against, these threats.
All Covered Individuals listed on applications for federal awards or otherwise designated by a federal agency will soon be required to complete research security training. Federal agencies are in the process of implementing their requirements.
Beginning May 1, 2025, all Covered Individuals listed on Department of Energy (DOE) award applications must certify to DOE that they have completed research security training. Additional Covered Individuals that later join a DOE award proposed on or after May 1, 2025 will also be required to take this training before participating in award activities.
The University anticipates that the National Science Foundation will implement similar requirements as of October 2025, and that other funding agencies will follow thereafter. These requirements have not been finalized, and the Office of the Vice President for Research will update the research community as other agencies announce their requirements.
A “Covered Individual” is defined by the CHIPS Act as “an individual who (a) contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and (b) is designated as a covered individual by the Federal research agency concerned.”
In practical terms, the vast majority of University faculty/investigators (e.g. PIs, Co-PIs, Senior Scientists, project directors, senior/key personnel etc.) who are conducting research efforts under a federal award are considered “Covered Individuals” under this definition. Federal agencies may expand the list of individuals designated as a “Covered Individual,” as specified in the applicable Notice of Funding Opportunity (NOFO) and/or terms and conditions of the federal award.
- Open University of Rochester MyPath login page
- Log in using your University of Rochester credentials
- From the Home screen, use the search bar, type “Research Security” and press Enter
- Click on the “Research Security Training” training that appears in the search results
- Click “Request”
- Click “Launch” on the first module and complete each of the three training modules in order
- At the end of the third module, save or print the completion certificate for your records
A transcript of the Research Security Federal Module is available here.
Approximately 1 hour and 35 minutes:
- Research Security Introduction: 5 minutes
- Research Security – Federal Module: 1 hour to complete
- Research Security – University Module: 30 minutes
The “Research Security – Federal Module” is a one-hour, condensed training module of a four-hour research security training program previously developed by the National Science Foundation. It was developed by the University of Michigan, in collaboration with the Ohio State University, Stanford University, and Duke University.
The University expects that Covered Individuals will need to take research security training on an annual basis. The renewal timing and format of annually required training is to be determined.
The Research Security Federal Module includes:
- an introduction to research security, including information on key federal regulations and the core values of academic research and their connection to research security
- the importance of disclosure, including what disclosure is, the benefits of disclosure, the types of activities that should be disclosed, and consequences for failing to disclose activities
- risk mitigation and management, including how to understand and mitigate risks associated with common international collaborative activities (such as sharing data or materials, or accepting an overseas appointment)
- international collaboration, including engaging in international collaborations consistent with the core values of academic research
The Research Security University Module provides information on research security-related policies and concepts that are unique to the University of Rochester and includes information on:
- The Faculty Conflict of Commitment and Interest Policy
- Consulting activities
- Simultaneous appointments
- Foreign Talent Recruitment Programs
- Disclosures to federal agencies
- Research data and intellectual property
- Information security
- International visitors
- International travel
- Export control
- The University’s research security program resources
Beginning May 1, 2025, the Office of Research and Project Administration (ORPA) is prohibited from submitting DOE applications where applicable Covered Individuals have not satisfied their research security training requirements. Similar stipulations will apply to other federal proposals as applicable funding agencies implement their training requirements. The University will track training completion through MyPath.
Visit the University’s Research Security page. The University regularly updates and provides guidance on research security issues.
As the coordinator of several federal agency efforts relating to research security, the National Science Foundation also provides important information on research security issues.
- For substantive questions relating to research security, contact Joe Doyle (joe.doyle@rochester.edu), the University’s Research Security Officer.
- For technical assistance relating to the research security training, contact mypathsupport@rochester.edu.