Skip to content

Research Security Training

Access the training by searching for “Research Security” in MyPath

Certain members of the University’s research community will need to complete Research Security training by May 1, 2025. Learn more about the training program, including why it’s required and who needs to take it.

Access the training in MyPath by searching for “Research Security”

Topics on this page:

Background

Beginning May 1, 2025, all “Covered Individuals” (e.g. PIs, Co-PIs, project directors, senior/key personnel, and others identified as Covered Individuals by a federal funding agency) listed on Department of Energy (DOE) award applications must certify to DOE that they have completed research security training. Additional Covered Individuals that later join a DOE award proposed on or after May 1, 2025 will also be required to take this training before participating in award activities.

Per federal law (the CHIPS and Science Act of 2022) and regulations (NSPM-33), other federal agencies are in the process of implementing similar Research Security training requirements.

DOE requirements and timeline

To meet Department of Energy (DOE) certification requirements:

  • Before May 1, 2025: All PIs and faculty planning to submit applications to DOE on May 1, 2025 must complete Research Security training by May 1, 2025.
  • After May 1, 2025: PIs and faculty must have completed Research Security training prior to the date of an application to DOE.

To facilitate compliance, it is strongly recommended that all PIs and faculty currently engaged in DOE-funded research take this training by May 1, 2025.

Access the training by searching for “Research Security” in MyPath

Other federal agency training requirements

Other federal funding agencies are in the process of implementing similar Research Security training requirements that apply to “Covered Individuals” (e.g. PIs, Co-PIs, project directors, senior/key personnel, and others identified as Covered Individuals by a federal funding agency). It is likely that the National Science Foundation will adopt Research Security training requirements as of October 2025, and other funding agencies will follow thereafter. These requirements have not been finalized, and the Office of the Vice President for Research will update the research community as other agencies announce their requirements.

Frequently asked questions

Why is research security training required?

The CHIPS and Science Act of 2022 (the “CHIPS Act”) requires that federal research agencies establish a requirement that each “Covered Individual” (discussed below) listed on a research application award certify to the agency as part of the application that they have completed research security training. It also requires that the University certify separately to the agency that such Covered Individual(s) have completed the training.

In response to the research security training mandate included CHIPS Act and in NSPM-33, the Office of Science and Technology Policy (OSTP) issued Research Security Program Guidelines (the “Guidelines”) in July 2024. The Guidelines provide the University must have a research security program that includes the following elements:

  1. Cybersecurity
  2. Foreign Travel Security
  3. Research Security Training
  4. Export Control Training

The Guidelines provide that the University must certify to federal agencies that it has implemented a research security training program for Covered Individuals and must certify to federal agencies that Covered Individuals have completed the training.

What is research security training?

The U.S. government has defined “research security” as “safeguarding the research enterprise against behaviors aimed at misappropriating research and development to the detriment of national or economic security, related violations of research integrity, and foreign government interference.” Collectively, the laws, regulations, and University policies and procedures relating to research security aim to mitigate the threat to the U.S. research enterprise and individual researchers posed by parties who wish to take advantage of the culture of openness and collaboration of the U.S. research ecosystem. Research security training is designed to create awareness of, and protect against, these threats.

Who needs to take research security training?

All Covered Individuals listed on applications for federal awards or otherwise designated by a federal agency will soon be required to complete research security training. Federal agencies are in the process of implementing their requirements.

Beginning May 1, 2025, all Covered Individuals listed on Department of Energy (DOE) award applications must certify to DOE that they have completed research security training. Additional Covered Individuals that later join a DOE award proposed on or after May 1, 2025 will also be required to take this training before participating in award activities.

The University anticipates that the National Science Foundation will implement similar requirements as of October 2025, and that other funding agencies will follow thereafter. These requirements have not been finalized, and the Office of the Vice President for Research will update the research community as other agencies announce their requirements.

What is a “Covered Individual?”

A “Covered Individual” is defined by the CHIPS Act as “an individual who (a) contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and (b) is designated as a covered individual by the Federal research agency concerned.”

In practical terms, the vast majority of University faculty/investigators (e.g. PIs, Co-PIs, Senior Scientists, project directors, senior/key personnel etc.) who are conducting research efforts under a federal award are considered “Covered Individuals” under this definition. Federal agencies may expand the list of individuals designated as a “Covered Individual,” as specified in the applicable Notice of Funding Opportunity (NOFO) and/or terms and conditions of the federal award.

How do I access the training?
  • Open University of Rochester MyPath login page
  • Log in using your University of Rochester credentials
  • From the Home screen, use the search bar, type “Research Security” and press Enter
  • Click on the “Research Security Training” training that appears in the search results
  • Click “Request”
  • Click “Launch” on the first module and complete each of the three training modules in order
  • At the end of the third module, save or print the completion certificate for your records

A transcript of the Research Security Federal Module is available here.

How long will it take to complete the training?

Approximately 1 hour and 35 minutes:

  • Research Security Introduction: 5 minutes
  • Research Security – Federal Module: 1 hour to complete
  • Research Security – University Module: 30 minutes

The “Research Security – Federal Module” is a one-hour, condensed training module of a four-hour research security training program previously developed by the National Science Foundation. It was developed by the University of Michigan, in collaboration with the Ohio State University, Stanford University, and Duke University.

How often will I be required to take this training?

The University expects that Covered Individuals will need to take research security training on an annual basis. The renewal timing and format of annually required training is to be determined.

What topics are included in the training?

The Research Security Federal Module includes:

  • an introduction to research security, including information on key federal regulations and the core values of academic research and their connection to research security
  • the importance of disclosure, including what disclosure is, the benefits of disclosure, the types of activities that should be disclosed, and consequences for failing to disclose activities
  • risk mitigation and management, including how to understand and mitigate risks associated with common international collaborative activities (such as sharing data or materials, or accepting an overseas appointment)
  • international collaboration, including engaging in international collaborations consistent with the core values of academic research

The Research Security University Module provides information on research security-related policies and concepts that are unique to the University of Rochester and includes information on:

  • The Faculty Conflict of Commitment and Interest Policy
  • Consulting activities
  • Simultaneous appointments
  • Foreign Talent Recruitment Programs
  • Disclosures to federal agencies
  • Research data and intellectual property
  • Information security
  • International visitors
  • International travel
  • Export control
  • The University’s research security program resources
What happens if I don’t complete the required training?

Beginning May 1, 2025, the Office of Research and Project Administration (ORPA) is prohibited from submitting DOE applications where applicable Covered Individuals have not satisfied their research security training requirements. Similar stipulations will apply to other federal proposals as applicable funding agencies implement their training requirements. The University will track training completion through MyPath.

Where can I find more information research security issues?

Visit the University’s Research Security page. The University regularly updates and provides guidance on research security issues.

As the coordinator of several federal agency efforts relating to research security, the National Science Foundation also provides important information on research security issues.

Who may I contact for more information?
  • For substantive questions relating to research security, contact Joe Doyle (joe.doyle@rochester.edu), the University’s Research Security Officer.
  • For technical assistance relating to the research security training, contact mypathsupport@rochester.edu.