Research Security Training

The CHIPS and Science Act of 2022 (the “CHIPS Act”) requires that federal research agencies establish a requirement that each “Covered Individual” (discussed below) listed on a research application award certify to the agency as part of the application that they have completed research security training. It also requires that the University certify separately to the agency that such Covered Individual(s) have completed the training.

In response to the research security training mandate included CHIPS Act and in NSPM-33, the Office of Science and Technology Policy (OSTP) issued Research Security Program Guidelines (the “Guidelines”) in July 2024. The Guidelines provide the University must have a research security program that includes the following elements:

1. Cybersecurity
2. Foreign Travel Security
3. Research Security Training
4. Export Control Training

The Guidelines provide that the University must certify to federal agencies that it has implemented a research security training program for Covered Individuals and must certify to federal agencies that Covered Individuals have completed the training.

The U.S. government has defined “research security” as “safeguarding the research enterprise against behaviors aimed at misappropriating research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.” Collectively, the laws, regulations, and University policies and procedures relating to research security aim to mitigate the threat to the U.S. research enterprise and individual researchers posed by parties who wish to take advantage of the culture of openness and collaboration of the U.S. research ecosystem. Research security training is designed to create awareness of, and protect against, these threats.

All Covered Individuals listed on applications for federal awards or otherwise designated by a federal agency will soon be required to complete research security training. Federal agencies are in the process of implementing their requirements.

Beginning May 1, 2025, all Covered Individuals listed on Department of Energy (DOE) award applications must certify to DOE that they have completed research security training. Additional Covered Individuals that later join a DOE award proposed on or after May 1, 2025 will also be required to take this training before participating in award activities.

The University anticipates that the National Science Foundation will implement similar requirements as of October 2025, and that other funding agencies will follow thereafter. These requirements have not been finalized, and the Office of the Vice President for Research will update the research community as other agencies announce their requirements.

A “Covered Individual” is defined by the CHIPS Act as “an individual who (a) contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and (b) is designated as a covered individual by the Federal research agency concerned.”

In practical terms, the vast majority of University faculty/investigators (e.g. PIs, Co-PIs, Senior Scientists, project directors, senior/key personnel etc.) who are conducting research efforts under a federal award are considered “Covered Individuals” under this definition. Federal agencies may expand the list of individuals designated as a “Covered Individual,” as specified in the applicable Notice of Funding Opportunity (NOFO) and/or terms and conditions of the federal award.

• Open University of Rochester MyPath login page
• Log in using your University of Rochester credentials
• From the Home screen, use the search bar, type “Research Security” and press Enter
• Click on the “Research Security Training” training that appears in the search results
• Click “Request”
• Click “Launch” on the first module and complete each of the three training modules in order
• At the end of the third module, save or print the completion certificate for your records

A transcript of the Research Security Federal Module is available here.

Approximately 1 hour and 35 minutes:

• Research Security Introduction: 5 minutes
• Research Security – Federal Module: 1 hour to complete
• Research Security – University Module: 30 minutes

The “Research Security – Federal Module” is a one-hour, condensed training module of a four-hour research security training program previously developed by the National Science Foundation. It was developed by the University of Michigan, in collaboration with the Ohio State University, Stanford University, and Duke University.

The University expects that Covered Individuals will need to take research security training on an annual basis. The renewal timing and format of annually required training is to be determined.

The Research Security Federal Module includes:

• an introduction to research security, including information on key federal regulations and the core values of academic research and their connection to research security
• the importance of disclosure, including what disclosure is, the benefits of disclosure, the types of activities that should be disclosed, and consequences for failing to disclose activities
• risk mitigation and management, including how to understand and mitigate risks associated with common international collaborative activities (such as sharing data or materials, or accepting an overseas appointment)
• international collaboration, including engaging in international collaborations consistent with the core values of academic research

The Research Security University Module provides information on research security-related policies and concepts that are unique to the University of Rochester and includes information on:

• The Faculty Conflict of Commitment and Interest Policy
• Consulting activities
• Simultaneous appointments
• Foreign Talent Recruitment Programs
• Disclosures to federal agencies
• Research data and intellectual property
• Information security
• International visitors
• International travel
• Export control
• The University’s research security program resources

Beginning May 1, 2025, the Office of Research and Project Administration (ORPA) is prohibited from submitting DOE applications where applicable Covered Individuals have not satisfied their research security training requirements. Similar stipulations will apply to other federal proposals as applicable funding agencies implement their training requirements. The University will track training completion through MyPath.

Visit the University’s Research Security page. The University regularly updates and provides guidance on research security issues.

As the coordinator of several federal agency efforts relating to research security, the National Science Foundation also provides important information on research security issues.

• For substantive questions relating to research security, contact Joe Doyle (joe.doyle@rochester.edu), the University’s Research Security Officer.
• For technical assistance relating to the research security training, contact mypathsupport@rochester.edu.