Introduction to NSPM-33 and Research Security
National Security Presidential Memorandum 33 (NSPM-33) directs key United States federal funding agencies to establish unified, robust requirements for research security. Primarily targeting academic institutions receiving more than $50 million in annual federal research and development funding, NSPM-33 mandates the implementation of standardized disclosure requirements and formal Research Security Programs. For research administrators, compliance is a high-stakes endeavor—non-compliance risks the loss of millions in federal grants and severe reputational damage.
This roadmap provides US research security teams with a step-by-step compliance guide, analyzing disclosure mandates, programmatic requirements, and technological solutions.
Core Pillars of NSPM-33 Compliance
The White House Office of Science and Technology Policy (OSTP) has organized NSPM-33 execution into two fundamental pillars: Disclosures and Institutional Programs.
| Pillar | Key Requirements | Primary Administrative Impact |
|---|---|---|
| Unified Disclosures | Standardized formats (SciENcv) for Biosketches, Current and Pending Support, and digital persistent identifiers (PIDs). | Eliminates agency-specific variation; mandates complete disclosure of foreign affiliations and funding. |
| Institutional Programs | Formal research security programs addressing cybersecurity, foreign travel, export control, and insider threat training. | Requires a designated Research Security Officer (RSO) and mandatory annual training for research staff. |
Standardizing Disclosures: The Role of SciENcv and PIDs
To eliminate administrative complexity, NSPM-33 guidelines enforce the use of standardized digital formats across major federal agencies, including the NSF, NIH, DOE, and DoD:
- SciENcv Integration: Investigators must use the Science Experts Network Curriculum Vitae (SciENcv) tool to generate Biosketches and Current and Pending Support documents. Hand-written or custom-formatted PDFs are no longer accepted.
- Digital Persistent Identifiers (PIDs): The implementation guidelines highly encourage or mandate the use of authenticated persistent identifiers, such as ORCID iDs, to link researchers to their affiliations, grants, and publications. This digital lineage allows automated compliance checking and reduces the risk of omitted disclosures.
- Failing to Disclose: Omissions—whether accidental or intentional—regarding foreign talent recruitment programs, international laboratory space, or non-monetary support (e.g., equipment, postdocs funded by external governments) are subject to civil and criminal penalties.
Implementing a Certified Research Security Program
For universities exceeding the $50M federal funding threshold, research administrators must implement and document a comprehensive Research Security Program covering four core areas:
1. Cybersecurity Safeguards
The institution must provide a secure IT network compliant with NIST SP 800-171 or CMMC standards. This includes multi-factor authentication, end-to-end data encryption for research data, and regular vulnerability scanning.
2. Foreign Travel Security
Establish travel registry policies requiring researchers to register international travel funded by federal grants. Provide mandatory pre-travel briefings, security training, and clean loaner devices (laptops/phones) for travel to high-risk nations.
3. Export Control & Disclosure Oversight
Implement rigorous export control protocols (covering ITAR and EAR) to track dual-use technologies, sensitive biological agents, and advanced aerospace designs. Insist on annual audits of international collaborative agreements.
4. Insider Threat and Research Integrity Training
Deploy mandatory training modules for all faculty, postdocs, and graduate students working on federal grants. The curriculum must cover intellectual property theft, ethical collaboration boundaries, and disclosure reporting mechanisms.
Conclusion: Building a Culture of Trustworthy Science
NSPM-33 compliance should not be viewed simply as a bureaucratic burden. When implemented correctly, a robust Research Security Program protects researchers’ intellectual property, safeguards tax-payer-funded discoveries, and ensures academic freedom is preserved. By leveraging modern digital tools like SciENcv, ORCID, and robust encryption protocols, US institutions can secure their research pipelines while maintaining their position as global leaders in scientific collaboration.








