Research Security – what PIs need to know and why

According to the National Science Foundation’s Office of the Chief of Research Security Strategy and Policy, “Organizations receiving federal funding should demonstrate robust leadership and oversight; establish and administer policies to promote transparency and guard against conflicts of interest and commitment; provide training and information on research security; ensure effective mechanisms for compliance with organizational policies; and implement processes to assess and manage potential risks associated with collaborations and data.”

This site is intended to help PIs learn about research security, why it is important to them and to LMU, and what they need to do. There are four major areas of research security that PIs should know about – foreign collaboration, malign foreign talent recruitment programs, export controls, and data security.

Foreign Collaboration/Influence/Partnerships


Malign Foreign Talent Recruitment Program (MFTRP)

  • What is it? NSPM-33 briefly defines a MFTRP as “an effort organized, managed, or funded by a foreign government, or a foreign government instrumentality or entity, to recruit science and technology professionals or students. The CHIPS & Science Act contains a fuller explanation that may be found here. These regulations prohibit federal agencies from funding PIs and senior/key personnel who participate in MFTRPs.
  • This short (3 minute) video from the UC system has a helpful summary for faculty.
  • Beginning in May 2024, senior personnel applying for and receiving funding from the National Science Foundation will need to certify that they do not participate in MFTRPs. Other agencies will begin having similar requirements.
  • If I’m a PI, what do I need to do? Consult ORSP if you are approached by any program in another country but especially in a country of concern (China, Iran, Russia, N. Korea). And disclose any and all international collaborations as required in federal grant applications.


Export Controls

  • What is it? Export controls are a range of federal laws restricting the transfer of goods and technology to and the performance of services for persons and entities outside the United States and foreign nationals within the United States. These laws are currently implemented through three federal departments – Commerce, State, and Treasury.
  • Export controls may apply to all interactions with foreign persons and entities, not just to sponsored projects.
  • Learn more at the S. Department of State’s site.
  • If I’m a PI, what do I need to do? Because of the complexity of export controls, ORSP and other LMU offices will work with PIs to determine what regulations may apply to their activities and what actions should be taken. Contact ORSP about the screening process and consult Global-Local Affairs and OISS where appropriate.


Data Security

  • What is it? NIST defines data security as “the process of maintaining the confidentiality, integrity, and availability of an organization’s data in a manner consistent with the organization’s risk strategy.” Data security is an important element of research security for all research, whether externally sponsored or not.
  • This brief (3 minute) video from the UC system has a helpful summary for faculty.
  • If I’m a PI, what do I need to do? Be sure to use the resources from ITS, including those found on their information security ITS also has helpful guidance on traveling with technology anywhere beyond campus.

Also note that if you have National Science Foundation funding, beginning in 2025 you will be required to take training in research security either on NSF’s research security site or elsewhere. The videos on NSF’s site are a great resource for anyone, and we encourage you to watch them. The four modules cover what research security is, what needs to be disclosed and why, how to manage and mitigate risk, and international collaboration.


Questions? Contact