Research Security Program Requirements

NSPM-33 requires institutions to establish research security programs that include measures related to the security of international travel. While we await updated federal agency policies to address the Office of Science and Technology’s Guidelines for Research Security Programs, please consider the following resources for international travel:

The International Toolkit: Welcome | International Toolkit
Register your travel (strongly encouraged): Registering Your Travel | International Toolkit
Information Security: Travel Securely
Secure Loaner Laptop Service: Secure Travel Device Loaners - IT at Yale
Considerations regarding data protection while abroad: Data Protection Laws | International Toolkit
International Students & Scholars: Current Travel Guidance | Office of International Students & Scholars
Check Travel Advisories for your destination: US Department of State

NSPM-33 and the CHIPS and Science Act directs institutional research security programs to comply with certain cybersecurity standards. Further guidance will be provided upon finalization of the Standard Requirements, please consider the following resources for Cybersecurity:

Increased international collaboration and engagement also requires heightened awareness of the laws and regulations related to the transfer of information, commodities, technology, and software to foreign nationals, foreign entities or foreign countries. While the majority of research at Yale falls under the fundamental research exclusion, researchers must be aware of the limits of that exclusion and any restrictions outlined in their awards that may negate or qualify that exclusion. Additional information from Yale’s Export Controls Office.

National Security Presidential Memorandum-33 (NSPM-33), and the July 29, 2024 Office of Science and Technology Policy (OSTP) memorandum on Guidelines for Research Security Programs at Covered Institutions, requires training on research security for federally funded personnel and export controls, as appropriate.

As communicated to the research community on 9/26/25, Yale is asking all federally funded investigators to take Research Security training (offered in Workday) to comply with new federal regulations.

The CHIPS and Science Act of 2022, Section 10634, states that federal research agencies must require covered individuals to complete research security training 12 months prior to an application submission. A covered individual is an individual who:

contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and
is designated as a covered individual by the Federal research agency concerned.

Note: The definition of a Covered Individual is based on their contribution to the project as defined above and is not related to the title of the individual.

Some agencies have published requirements to include when this training must be completed.

National Science Foundation (NSF)

Important Notice No. 149: Updates to NSF Research Security Policies | NSF - U.S. National Science Foundation.

Effective December 2, 2025, NSF requires research security training certifications from proposers and individuals identified as senior/key personnel by the proposer.

Each individual identified as a senior/key person must certify that they have completed the requisite research security training that meets the requirements.

Authorized Organizational Representative (AOR) must certify that all individuals identified as senior/key personnel have completed the requisite research security training that meets the requirements within 12 months prior to proposal submission.

NIH: NOT-OD-25-133: NIH Announces a New Policy Requirement to Train Senior/Key Personnel on Other Support Disclosure Requirements: Effective October 1, 2025, recipients must implement trainings, in addition to maintaining a written and enforced policy, on requirements for the disclosure of other support to ensure Senior/Key Personnel fully understand their responsibility to disclose all resources made available to the researcher in support of and/or related to all of their research endeavors.

National Institutes of Health (NIH)

NOT-OD-26-017: Research Security Training Requirements for NIH

Effective Date: At this time, the research security training requirement is optional. Completion of RST and the individual and institutional certifications will be effective for applications submitted for due dates on or after May 25, 2026.

Authorized Organizational Representative (AOR) must certify that each covered individual who is employed by the institution and listed on the application has completed RST within 12 months of the date of application submission.

Department of Energy (DOE)

Department of Energy Financial Assistance Letter dated 10/07/2024.
- Training required as of May 1, 2025, within the 12 months prior to the application submission.
- Both the covered individual and the institution must certify completion of the course before the proposal is submitted.

United States Department of Agriculture (USDA)

Current USDA General Terms and Conditions for Federal Awards
Effective December 31, 2025, the recipient of a research award, whether an institution or individual, must certify that each individual employed by the recipient to work on the award has completed research security training (RST) and must recertify annually for the duration of the award. RST must have been completed either at the time of application, where applicable, or within the 12-month period immediately preceding the commencement of work on the award.

National Aeronautical Space Administration (NASA)

NASA has issued Grant Information Circular 26-02 (GIC 26-02) to implement the research security training (RST) and certification requirements mandated by Section 10634 of the CHIPS and Science Act of 2022 for all research grant and cooperative agreement proposals submitted to the agency.

Under the circular, covered individuals must certify on their Biographical Sketch and Current and Pending (Other) Support forms that they have completed RST within the 12 months prior to proposal submission. Covered individuals who join a funded project after award must also submit the required certifications. “Covered individuals” are defined as:

Any Principal Investigator (PI), regardless of level of effort
Any Co-PI, regardless of level of effort
Any Co-investigator (Co-I) proposing to spend ten percent or more of their time in any given year on a NASA-funded award

In addition, applicant entities will certify that each covered individual employed by the entity and listed on the proposal has met the RST requirement by signing a certification in NASA’s Solicitation and Proposal Integrated Review and Evaluation System (NSPIRES).

The agency will implement these requirements beginning August 5, 2026.

Summary of US Federal Agency-Specific Research Training Requirements.

Agency	Requirement(s)	Who is required?	Timing/Frequency	Effective Date
Department of Energy (DOE)	Research Security Training	All covered individuals and the institution must certify completion of the course.	Within the 12 months prior to the application submission.	5/1/25
National Sciences Foundation	Research Security Training	All senior/key personnel and the AOR must certify completion of the course.	Within 12 months prior to proposal submission	10/10/25
National Sciences Foundation	RECR Training	All senior/key personnel, undergraduate students, graduate students, postdoctoral scholars, & faculty.	Within 12 months prior to proposal submission.	12/6/25
National Institutes of Health (NIH)	Research Security Training	All senior/key personnel	Within 12 months prior to proposal submission	5/25/26
National Institutes of Health (NIH)	Other Support Disclosure Training	All senior/key personnel	Recipients must implement trainings, in addition to maintaining a written and enforced policy, on requirements for the disclosure of other support.	10/1/25
United States Department of Agriculture (USDA)	Research Security Training	Each individual employed by the recipient to work on the award	Either at the time of application, where applicable, or within the 12-month period immediately preceding the commencement of work on the award	12/31/2025
National Aeronautics and Space Administration (NASA)	Grants Policy and Compliance Team - NASA	All covered individuals, as defined by the Agency, certify that they have completed research security training, and applicant entities must certify that covered individuals employed by the entity have taken such training.	Within one year prior to application submission	8/5/2026

Research Security & Other Support Training

Yale has developed the following Research Security Training Module in Workday, which fulfills the federal training requirements noted above. This training meets both requirements for Other Support and Research Security training:

Federal Agency Research Security Training. This is a one (1) hour course.

Export Controls Training

Yale Export Compliance Training in Workday Learning

Research Security Program Requirements

International Travel Security

Cybersecurity

Export Controls

Training Requirements: Research Security, Export Controls, Other Support, and Certification Requirements

Research Security Training Requirements

Agency Specific Research Security Training Requirements