OSTP Releases Guidance for NSPM-33, Long Awaited Research Security Roadmap

On January 4, the White House Office of Science and Technology Policy (OSTP) announced the publication of the implementation guidance for National Security Presidential Memorandum (NSPM)-33, the guidelines released in early 2021 intended to improve research security efforts at federal agencies (see previous COSSA coverage for more details). This long-awaited guidance, which was released as a report by OSTP’s National Science and Technology Council (NSTC) Joint Committee on the Research Environment (JCORE), aims to clarify requirements for federally funded researchers and set best practices at federal agencies to strengthen research security. The guidance offers direction on five major areas of research security addressed by NSPM-33: disclosure requirements and standardization, digital persistent identifiers, consequences for disclosure requirement violations, information sharing, and research security programs at federally funded research institutions.

Disclosure Requirements and Standardization – The guidance requires standardization of disclosure requirements and required forms for researchers seeking federal funding (including who is required to disclose personal information, financial information, and other relevant information) and clarifies requirements regarding the disclosure of potential conflicts of interest and participation in any foreign programs. The guidance also encourages the correction of any errors, incompletions, or changes to previously submitted forms and applications to improve trust between researchers and institutions.

Digital Persistent Identifiers – The guidance offers recommendations for federal agencies to standardize the use of digital persistent identifiers (DPIs), or a standard digital identification to easily share personal information, to simplify the disclosure process for researchers seeking federal funding. While the guidance stops short of requiring the use of DPIs, it does require agencies to provide the option of using DPIs at no cost to the researcher and make sure the DPIs are interoperable between agencies.

Consequences for Violation of Disclosure Requirements – Several potential consequences for disclosure violations by researchers are mentioned in the guidance depending on the severity of the violation, including criminal and civil charges, the rejection of research awards, the ineligibility of future awards, and other administrative sanctions. The guidance does, however, state the intent of the offending researcher as being a principal factor in assigning consequences, and further reiterates that researchers should be encouraged to correct past errors in disclosure forms without fear of undue consequences.

Information Sharing – The guidance implores federal agencies to be proactive about sharing information amongst the federal government about individuals who have violated disclosure requirements or those that are suspected to be violating requirements. It also encourages agencies to share research security information publicly and with research institutions that frequently seek federal funding.

Research Security Programs – NSPM-33’s requirements for research organizations receiving $50 million in federal research funding or more have been clarified. These organizations are required to certify that they have implemented a research security program including four different elements: cybersecurity, foreign travel security, research security training, and export control training (if appropriate).

International Collaboration – In addition to the five major areas addressed by the guidance, OSTP’s announcement accompanying the guidance emphasizes that research security must be undertaken with a thoughtful approach with regards to the culture of international collaborations in research, with OSTP Director Eric Lander writing, “if policies to address [research security] significantly diminish our superpower of attracting global scientific talent – or if they fuel xenophobia against Asian Americans – we will have done more damage to ourselves than any competitor or adversary could.” The guidance also authorizes a requirement for federal agencies to implement NSPM-33 in a nondiscriminatory manner, including among members of ethnic or racial minority groups.

Among the next steps listed in the guidance are the development of model disclosure forms and instructions within the next 120 days to be as clear as possible about what is expected of researchers seeking federal funding. It also mentions JCORE will continue to develop standards for use by Federal agencies and research organizations to certify research security programs. The full implementation guidance and announcement are available on the OSTP website.