Research Security Program Requirements

International Travel Security

NSPM-33 requires institutions to establish research security programs that include measures related to the security of international travel. While we await updated federal agency policies to address the Office of Science and Technology’s Guidelines for Research Security Programs, please consider the following resources for international travel:

• The International Toolkit: Welcome | International Toolkit
• Register your travel (strongly encouraged): Registering Your Travel | International Toolkit
• Information Security: Travel Securely
• Secure Loaner Laptop Service: Secure Travel Device Loaners - IT at Yale
• Considerations regarding data protection while abroad: Data Protection Laws | International Toolkit
• International Students & Scholars: Current Travel Guidance | Office of International Students & Scholars
• Check Travel Advisories for your destination: US Department of State

Cybersecurity

NSPM-33 and the CHIPS and Science Act directs institutional research security programs to comply with certain cybersecurity standards. Further guidance will be provided upon finalization of the Standard Requirements, please consider the following resources for Cybersecurity:

• Policy: Yale’s Information Security Policy Base
• Home | Yale Cybersecurity
• Monthly Tip Library | Yale Cybersecurity

Export Controls

Increased international collaboration and engagement also requires heightened awareness of the laws and regulations related to the transfer of information, commodities, technology, and software to foreign nationals, foreign entities or foreign countries. While the majority of research at Yale falls under the fundamental research exclusion, researchers must be aware of the limits of that exclusion and any restrictions outlined in their awards that may negate or qualify that exclusion. Additional information from Yale’s Export Controls Office.

Training Requirements: Research Security, Export Controls, Other Support, and Certification Requirements

National Security Presidential Memorandum-33 (NSPM-33), and the July 29, 2024 Office of Science and Technology Policy (OSTP) memorandum on Guidelines for Research Security Programs at Covered Institutions, requires training on research security for federally funded personnel and export controls, as appropriate.

Research Security Training Requirements

The CHIPS and Science Act of 2022, Section 10634, states that federal research agencies must require covered individuals to complete research security training 12 months prior to an application submission. A covered individual is an individual who:

• contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and
• is designated as a covered individual by the Federal research agency concerned.

Note: The definition of a Covered Individual is based on their contribution to the project as defined above and is not related to the title of the individual.

Some agencies have published requirements to include when this training must be completed.

Agency Specific Research Security Training Requirements

National Institutes of Health (NIH)

Research Security Training Requirements: Implementation of NIH Research Security Policies: NOT-OD-25-154 Notice rescinded 9/29/25. NOT-OD-25-161: Update: Recission Notice re: Implementation of NIH Research Security Policies

National Science Foundation (NSF)

Important Notice No. 149: Updates to NSF Research Security Policies dated July 10, 2025.

As of October 10, 2025, requires research security training certifications from proposers and individuals identified as senior/key personnel by the proposer.

Each individual identified as a senior/key person must certify that they have completed the requisite research security training that meets the requirements specified in Item 2 of Important Notice No. 149 within 12 months prior to proposal submission.

Authorized Organizational Representative (AOR) must certify that all individuals identified as senior/key personnel have completed the requisite research security training that meets the requirements within 12 months prior to proposal submission.

Department of Energy (DOE)

• Department of Energy Financial Assistance Letter dated 10/07/2024.
  • Training required as of May 1, 2025, within the 12 months prior to the application submission.
  • Both the covered individual and the institution must certify completion of the course before the proposal is submitted.

Other Support Training Requirements

NIH: NOT-OD-25-133: NIH Announces a New Policy Requirement to Train Senior/Key Personnel on Other Support Disclosure Requirements: Effective October 1, 2025, recipients must implement trainings, in addition to maintaining a written and enforced policy, on requirements for the disclosure of other support to ensure Senior/Key Personnel fully understand their responsibility to disclose all resources made available to the researcher in support of and/or related to all of their research endeavors.

The table below provides an overview of training requirements:

How to Complete Training Requirements

Research Security & Other Support Training

Yale has developed the following Research Security Training Module in Workday, which fulfills the federal training requirements noted above. This training meets both requirements for Other Support and Research Security training:

• Federal Agency Research Security Training. This is a one (1) hour course.

Export Controls Training

Yale Export Compliance Training in Workday Learning