This Notice was RESCINDED on September 29, 2025, please see NOT-OD-25-161 that replaces it.

RESCINDED

RESCINDED - Implementation of NIH Research Security Policies
Notice Number:
NOT-OD-25-154

Key Dates

Release Date:

September 11, 2025

Related Announcements

None

Issued by

NATIONAL INSTITUTES OF HEALTH (NIH)

Purpose

Background

The National Institutes of Health (NIH) is committed to supporting the research community in safeguarding U.S. science and engineering through clear, actionable research security policies. In alignment with the CHIPS and Science Act of 2022 (P.L. 117-167),National Security Presidential Memorandum-33 (NSPM-33), and the July 29, 2024 Office of Science and Technology Policy (OSTP) memorandum on Guidelines for Research Security Programs at Covered Institutions, NIH is establishing a series of requirements to strengthen transparency and accountability across NIH funded projects.

Research Security Program Policy:

In alignment with the OSTP memorandum, NIH will require two-part compliance for both covered instiututions and individuals as outlined below:

  1. Covered institutions (i.e., participants in the U.S. R&D enterprise receiving federal science and engineering support “in excess of $50 million per year”). Covered institutions will certify to the NIH that the institution has established and operates a research security program. Each research security program must include elements relating to (1) cybersecurity; (2) foreign travel security; (3) research security training; and (4) export control training, as appropriate.
  2. Covered individuals (i.e., each individual identified as a senior/key person). Covered individuals will certify that they have completed the requisite research security training that meets the research security training requirements within 12 months prior to application submission.

Compliance will be effective for applications submitted on or after January 25, 2026. NIH is participating with NSF other Federal research agencies to develop resources for each of the required elements and to develop a centralized process for recipients to certify compliance. NIH will issue more information on the central certification process as it becomes available.

Research Security Training Resources:

NIH fully supports the NSF online research security training (RST) modules which includes a condensed version of the four modules at the SECURE Center. The condensed RST module is designed to meet the government-wide RST requirement in Section 10634 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19234). Applicant institutions may utilize any training that addresses cybersecurity, international collaboration, foreign interference, and rules for proper use of funds, disclosure, conflict of commitment, and conflict of interest.

Research Security Training Requirements:

  • Institutional Certification: In accordance with Section 10634 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19234), the Authorized Organizational Representative (AOR) must certify, via their signature on the face page of the application (i.e., SF424 R&R cover form), that all individuals identified as senior/key personnel have completed the requisite research security training that meets the research security training requirements within 12 months prior to application submission.
  • Individual Certification at the time of application: In accordance with Section 10634 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19234) each individual identified as a senior/key person must certify that they have completed the requisite research security training that meets the research security training requirements within 12 months prior to application submission. NIH is exploring system solutions to collect this certification. As an interim solution, applicants must provide a certification, electronically signed by each individual identified as a senior/key person, as a flattened PDF in the ‘Other Attachment’ field of the R&R Other Project Information form of the application. The file for each senior/key person must be named ‘ResearchSecurities_[Name].pdf’ without quotations, where ‘[Name]’ is the name of the senior/key person.
  • Annual Certification at the time of the Research Performance Progress Report (RPPR): Individuals serving as senior/key personnel must continue to certify annually that they have completed training within the past 12 months. NIH is exploring system solutions to collect individual certifications. As an interim solution, a certification, electronically signed by each senior/key personnel must be uploaded in RPPR Section G.1., Special Notice of Award and Funding Opportunity Announcement Reporting Requirements section as a flattened PDF file. The file for each senior/key person must be named ‘ResearchSecurities_[Name].pdf’ without quotations, where ‘[Name]’ is the name of the senior/key person.

Malign Foreign Talent Recruitment Program Prohibition:

Effective with the date of this notice, individuals who are a current party to a Malign Foreign Talent Recruitment Program (MFTRP) are not eligible to serve as a senior/key person on an NIH grant or cooperative agreement.

Definition: Malign Foreign Talent Recruitment Program.

Malign Foreign Talent Recruitment Program Certification:

NIH will require MFTRP certifications from applicants and individuals identified as senior/key personnel with its implementation of the Common Forms for Biographical Sketch and Current/Pending (Other) Support.

  • Institutional Certification: In accordance with Section 10632 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19232), the AOR must certify, via their signature on the face page of the application (i.e., SF424 R&R cover form), that all individuals identified by the applicant as senior/key personnel have been made aware of and have complied with their responsibility under that section to certify that the individual is not a party to a malign foreign talent recruitment program.
  • Individual Certification at the time of the application: In accordance with Section 10632 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19232), each individual identified by the applicant as a senior/key person must certify on their Biographical Sketch Common Form, attached on the R&R Senior/Key Person Profile (Expanded) Form, that they are not a party to a malign foreign talent recruitment program.
  • Annual Certification at the time of the RPPR: For NIH awards with Research Performance Progress Reports (RPPRs) due on or after January 25, 2026, individuals serving as senior/key personnel must certify annually to their participation or non-participation in an MFTRP by uploading a certification statement in Section G.1, Special Notice of Award and Funding Opportunity Announcement Reporting Requirements as a flattened PDF file. The file for each senior/key person must be named ‘ResearchSecurities_[Name].pdf’ without quotations, where ‘[Name]’ is the name of the senior/key person. NIH is exploring long-term system solutions to capture this certification. 

Inquiries

Please direct all inquiries to:

NIH Office of Policy for Extramural Research Administration (OPERA)

[email protected]

Weekly TOC for this Announcement
NIH Funding Opportunities and Notices
NIH Office of Extramural Research Logo
Department of Health and Human Services (HHS) - Home Page
Department of Health
and Human Services (HHS)
USA.gov - Government Made Easy
NIH... Turning Discovery Into Health®