Research Security Training
Fulfilling the Requirements of NSPM-33 and the CHIPS and Science Act
Research security training is required as part of the National Security Presidential Memorandum-33 (NSPM-33) from 2021 and the CHIPS (Creating Helpful Incentives to Produce Semiconductors) and Science Act of 2022. This page details:
- Who needs to complete the training
- How to access the available training options
- Required training frequency
- Specific federal agency implementation timelines
Who Needs to Complete Research Security Training
Covered individuals must complete research security training (RST) prior to submitting proposals for federal awards. Federal funding agencies could also require RST by updating the award terms and conditions. For RST, Iowa State University’s determination of a Covered Individual is, The ISU PI, Co-PI(s), Key Person(s) and named Post Doc or named Graduate Research Assistant (GRA) will be considered Covered Individuals. If a Post Doc or GRA is named in the proposal budget, they must be added in Streamlyne as a Key Person or Co-PI.
How to Access ISU’s Research Security Training Options
Iowa State offers two research security training options – both satisfy federal requirements. The training was developed collaboratively by Duke, Stanford, The University of Michigan, and The Ohio State University through a grant from the National Science Foundation (NSF) in tandem with the National Institutes of Health (NIH), the Department of Energy (DOE) and the Department of Defense (DoD).
Option 1: Research Security Training – Extended
The original version of the training consists of four modules (What is Research Security; The Importance of Disclosure; Manage and Mitigate Risk; and The Importance of International Collaboration) and is expected to take approximately four hours (in total) to complete. This option offers a deeper coverage of the material and might be especially beneficial for new researchers.
Option 2: Research Security Training – Condensed
To reduce the administrative burden and in response to feedback, a condensed, one-hour version was developed by the same institutions that developed the original, comprehensive option.
As a reminder, covered individuals must complete one of the training courses of their choosing; both options fulfill federal requirements.
Required Training Frequency
Training is valid for one year, per the CHIPS and Science Act. Approximately 30 days before your training expires, you will begin to receive an automated weekly e-mail reminder, which will continue for up to seven days after expiration. The reminders will contain links to the two training options; both options will extend your training for another year, regardless of which one you took before. If you are no longer listed on an active award that requires the training, you will be able to disregard the reminders.
Specific Federal Agency Implementation Timelines
Under the CHIPS and Science Act signed into law on August 9, 2022, federal funding agencies are required to establish an annual research security training requirement. While subject to change, the implementation timelines established by each federal funding agency are as follows:
- This agency has not yet published or disseminated guidance related to the implementation of the research security training requirement.
- Per Council on Government Relations (COGR), the DOD is expected to accept the existing research security training modules.
Effective Date: May 1, 2025
Research Security Training Requirements
- Individual Certification:
Covered individuals listed on applications must certify via Current and Pending Support disclosure certification, that they have “completed within one year of such application research security training that meets the guidelines [described in the Act]”. DOE interprets this as the 12 months immediately preceding the application date.
Any new covered individuals at the recipient and subrecipient levels added to the project must certify that they have completed the training within thirty (30) calendar days of the individual joining the project (see Current and Pending Support term for certification instructions). - Institutional Certification:
Prime applicants [the institution] must “certify that each covered individual who is employed by such institution or organization and listed on the application has completed such training.” DOE interprets this as the prime applicant’s responsibility to verify the accurateness of the individual certifications as a condition of submitting an application to DOE. The certification date is therefore the date the prime applicant submits their application to DOE.
Sources
Effective Date: May 25, 2026
Training and Certification Requirements
- Covered Individuals:
“…each covered individual…listed on an NIH grant application must certify that they have completed RST within 12 months of the date of application submission. …NIH will collect the individual certification at the time of the application submission, through the Biographical Sketch in SciENcv.”
- Institutions:
“The Act [CHIPS and Science Act]…requires applicant institutions to certify that each covered individual who is employed by the institution and listed on the application has completed RST. The Authorized Organization Representative (AOR), via their signature on the face page of the application, will certify the applicant institution’s compliance with this requirement.”
Source
- This agency has not yet published or disseminated guidance related to the implementation of the research security training requirement.
- Per Council on Government Relations (COGR), NASA is expected to accept the existing research security training modules.
Effective Date: October 10, 2025
Research Security Training Requirements
- Individual Certification:
“In accordance with Section 10634 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19234), each individual identified as a senior/key person [covered individuals] must certify that they have completed the requisite research security training that meets the requirements specified in Item 2 of Important Notice No. 149 within 12 months prior to proposal submission.” The method for covered individuals to make this certification is not specified. - Institutional Certification:
In accordance with Section 10634 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19234), the Authorized Organizational Representative (AOR) must certify that all individuals identified as senior/key personnel have completed the requisite research security training that meets the requirements specified in Item 2 of Important Notice No. 149 within 12 months prior to proposal submission.
Source
Effective Date: To be determined
The USDA/NIFA has not yet provided guidance regarding its implementation of the research security training requirement. However, they have stated that each mission area, agency, and office that administers arrangements will be responsible for implementing and ensuring compliance with the requirement.
Research Security Training Requirements: To be determined
Source
(Section last updated: December 8, 2025)