Part D—NSF Research Security
§19031. Office of Research Security and Policy
The Director shall maintain a Research Security and Policy office within the Office of the Director with not fewer than four full-time equivalent positions, in addition to the Chief of Research Security established pursuant to
(1) consulting and coordinating with the Foundation Office of Inspector General, with other Federal research agencies, and intelligence and law enforcement agencies, and the National Science and Technology Council, as appropriate, in accordance with the authority provided under section 1746 of the National Defense Authorization Act for Fiscal Year 2020 (
(2) serving as a resource at the Foundation for all issues related to the security and integrity of the conduct of Foundation-supported research;
(3) conducting outreach and education activities for recipients on research policies and potential security risks and on policies and activities to protect intellectual property and information about critical technologies relevant to national security, consistent with the controls relevant to the grant or award;
(4) educating Foundation program managers and other directorate staff on evaluating Foundation awards and recipients for potential security risks;
(5) communicating reporting and disclosure requirements to recipients and applicants for funding;
(6) performing risk assessments, in consultation, as appropriate, with other Federal agencies, of Foundation proposals and awards using analytical tools to assess nondisclosures of required information;
(7) establishing policies and procedures for identifying, communicating, and addressing security risks that threaten the integrity of Foundation-supported research and development, working in consultation, as appropriate, with other Federal agencies, to ensure compliance with National Security Presidential Memorandum–33 (relating to strengthening protections of United States Government-supported research and development against foreign government interference and exploitation) or a successor policy document; and
(8) in accordance with relevant policies of the agency, conducting or facilitating due diligence with regard to applications for research and development awards from the Foundation prior to making such awards.
(
§19032. Chief of Research Security
The Director shall appoint a senior agency official within the Office of the Director as a Chief of Research Security, whose primary responsibility shall be to manage the office established under
(
§19033. Reporting to Congress
(a) Report on resource needs
Not later than 180 days after August 9, 2022, the Director shall provide a report to the Committee on Science, Space, and Technology of the House of Representatives, the Committee on Commerce, Science, and Transportation of the Senate, the Committee on Appropriations of the House of Representatives, and the Committee on Appropriations of the Senate on the resources and the number of full time 1 employees needed to carry out the functions of the office established in
(b) Annual report on Office activities
(1) In general
Not later than one year after August 9, 2022, and annually thereafter, the Director shall submit to Congress a report on the activities carried out by the Office of Research Security, detailing—
(A) a description of the activities conducted by the Office, including administrative actions taken;
(B) such recommendations as the Director may have for legislative or administrative action relating to improving research security;
(C) identification and discussion of the gaps in legal authorities that need to be improved to enhance the security of institutions of higher education performing research supported by the Foundation; and
(D) information on Foundation Inspector General cases, as appropriate, relating to undue influence and security threats to research and development activities funded by the Foundation, including theft of property or intellectual property relating to a project funded by the Foundation at an institution of higher education.
(2) Form
The report submitted under paragraph (1) shall be submitted in both unclassified and classified formats, as appropriate.
(
1 So in original. Probably should be "full-time".
§19034. Online resource
The Director shall develop an online resource hosted on the Foundation's website containing up-to-date information, tailored for institutions and individual researchers, including—
(1) an explanation of Foundation research security policies;
(2) unclassified guidance on potential security risks that threaten research integrity and other risks to the research enterprise;
(3) examples of beneficial international collaborations and how such collaborations differ from foreign government interference efforts that threaten research integrity;
(4) best practices for mitigating security risks that threaten research integrity; and
(5) additional reference materials, including tools that assist organizations seeking Foundation funding and awardees in information disclosure to the Foundation.
(
§19035. Research awards
The Director shall continue to make awards, on a competitive basis, to institutions of higher education or non-profit organizations (or consortia of such institutions or organizations) to support research on the conduct of research and the research environment, including research on research misconduct or breaches of research integrity and detrimental research practices.
(
§19036. Authorities
In addition to existing authorities for preventing waste, fraud, abuse, and mismanagement of Federal funds, the Director, acting through the Office of Research Security and Policy and in coordination with the Foundation's Office of Inspector General, shall have the authority to conduct risk assessments, including through the use of open-source analysis and analytical tools, of research and development award applications and disclosures to the Foundation.
(
§19037. Research security and integrity information sharing analysis organization
(a) Establishment
The Director shall enter into an agreement with a qualified independent organization to establish a research security and integrity information sharing analysis organization (referred to in this section as the "RSI-ISAO"), which shall include members described in subsection (d) and carry out the duties described in subsection (b).
(b) Duties
The RSI-ISAO shall—
(1) serve as a clearinghouse for information to help enable the members and other entities in the research community to understand the context of their research and identify improper or illegal efforts by foreign entities to obtain research results, know how, materials, and intellectual property;
(2) develop a set of standard risk assessment frameworks and best practices, relevant to the research community, to assess research security risks in different contexts;
(3) share information concerning security threats and lessons learned from protection and response efforts through forums and other forms of communication;
(4) provide timely reports on research security risks to provide situational awareness tailored to the research and STEM education community;
(5) provide training and support, including through webinars, for relevant faculty and staff employed by institutions of higher education on topics relevant to research security risks and response;
(6) enable standardized information gathering and data compilation, storage, and analysis for compiled incident reports;
(7) support analysis of patterns of risk and identification of bad actors and enhance the ability of members to prevent and respond to research security risks; and
(8) take other appropriate steps to enhance research security.
(c) Funding
The Foundation may provide initial funds toward the RSI-ISAO but shall seek to have the fees authorized in subsection (d)(2) cover the costs of operations at the earliest practicable time.
(d) Membership
(1) In general
The RSI-ISAO shall serve and include members representing institutions of higher education, nonprofit research institutions, and small and medium-sized businesses.
(2) Fees
As soon as practicable, members of the RSI-ISAO shall be charged an annual rate to enable the RSI-ISAO to cover its costs. Rates shall be set on a sliding scale based on research and development expenditures to ensure that membership is accessible to a diverse community of stakeholders and ensure broad participation. The RSI-ISAO shall develop a plan to sustain the RSI-ISAO without Federal funding, as practicable.
(e) Board of directors
The RSI-ISAO may establish a board of directors to provide guidance for policies, legal issues, and plans and strategies of the entity's operations. The board shall include a diverse group of stakeholders representing the research community, including academia, industry, and experienced research security administrators.
(f) Stakeholder engagement
In establishing the RSI-ISAO under this section, the Director shall take necessary steps to ensure the services provided are aligned with the needs of the research community, including by—
(1) convening a series of workshops or other multi-stakeholder events; or
(2) publishing a description of the services the RSI-ISAO intends to provide and the requirements for membership in the Federal Register and provide an opportunity for submission of public comments for a period of not less than 60 days.
(
§19038. Plan with respect to controlled information and background screening
(a) In general
Not later than 180 days after August 9, 2022, the Director, in consultation with the Director of National Intelligence and, as appropriate, other Federal agencies, shall develop a plan to—
(1) identify research areas supported by the Foundation, including in the key technology focus areas, that may involve access to controlled unclassified or classified information, including in the key technology focus areas; and
(2) exercise due diligence in granting access, as appropriate, to the CUI or classified information identified under paragraph (1) to individuals working on such research who are employees of the Foundation or covered individuals on research and development awards funded by the Foundation.
(b) Definitions
In this section:
(1) Classified information
The term "classified information" means any information that has been determined pursuant to Executive Order 13526, any predecessor or successor order, or sections 1-274, 275-321, and 1001-3115 of the Atomic Energy Act of 1954 (
(2) Controlled unclassified information
The term "controlled unclassified information" or "CUI" means information described as "Controlled Unclassified Information" under Executive Order 13556 or any successor order, to require protection against unauthorized disclosure and that is so designated.
(
Editorial Notes
References in Text
Executive Order 13526, referred to in subsec. (b)(1), is set out as a note under
The Atomic Energy Act of 1954, referred to in subsec. (b)(1), is act Aug. 1, 1946, ch. 724, as added by act Aug. 30, 1954, ch. 1073, §1,
Executive Order 13556, referred to in subsec. (b)(2), is set out as a note under
1 See References in Text note below.
§19039. Foundation funding to institutions hosting or supporting Confucius Institutes
(a) Confucius Institute defined
In this section the term "Confucius Institute" means a cultural institute established as a partnership between a United States institution of higher education and a Chinese institution of higher education to promote and teach Chinese language and culture that is funded, directly or indirectly, by the Government of the People's Republic of China.
(b) Restrictions of Confucius Institutes
Except as provided in subsection (d), none of the funds made available to the Foundation under this division or division A, or an amendment made by this division or division A, may be obligated or expended to an institution of higher education that maintains a contract or agreement between the institution and a Confucius Institute, unless the Director, after consultation with the National Academies, determines such a waiver is appropriate in accordance with subsection (c).
(c) Waiver
The Director, after consultation with the National Academies, may issue a waiver for an institution of higher education that maintains a contract or agreement between the institution and a Confucius Institute if such contract or agreement includes clear provisions that—
(1) protect academic freedom at the institution;
(2) prohibit the application of any foreign law on any campus of the institution;
(3) grant full managerial authority of the Confucius Institute to the institution, including full control over what is being taught, the activities carried out, the research awards that are made, and who is employed at the Confucius Institute; and
(4) prohibit co-location with the institution's Chinese language, history, and cultural programs and require separate promotional materials.
(d) Special rule
(1) In general
Notwithstanding any other provision of this section, this section shall not apply to an institution of higher education if that institution has fulfilled the requirements for a waiver from the Department of Defense as described under section 1062 of the National Defense Authorization Act for Fiscal Year 2021 (
(2) Exception
Notwithstanding any other provision of this section, the prohibition under subsection (b) shall not apply to amounts provided to students as educational assistance.
(e) Effective date
The limitation under subsection (b) shall apply with respect to the first fiscal year that begins after the date that is two years after August 9, 2022, and to any subsequent fiscal year subject to subsection (f).
(f) Sunset
This section shall cease to be effective on the date that is five years after August 9, 2022.
(
Editorial Notes
References in Text
This division, referred to in subsec. (b), is div. B of
Division A, referred to in subsec. (b), is div. A of
Section 1062 of the National Defense Authorization Act for Fiscal Year 2021, referred to in subsec. (d)(1), probably means section 1062 of
§19040. Foreign financial support
(a) In general
The Director shall request, on an annual basis, from a recipient institution of higher education a disclosure, in the form of a summary document, from the institution, a foundation of the institution, and related entities such as any educational, cultural, or language entity, of the current financial support, the value of which is $50,000 or more, including gifts and contracts, received directly or indirectly from a foreign source (as such term is defined in
(b) Records
Each disclosure to the Director under this section shall be made on the condition that the institution will maintain a true copy of the relevant records subject to the disclosure requirement until the latest of—
(1) the date that is four years after the date of the agreement;
(2) the date on which the agreement terminates; or
(3) the last day of any period that applicable State public record law requires a true copy of such agreement to be maintained.
(c) Documentation
Upon review of the disclosures under this section, the Director may request that a recipient institution provide true copies of any contracts, agreements, or documentation of financial transactions associated with disclosures made under this section.
(d) Office of the Inspector General
The Director, acting through the Office of Research Security and Policy in coordination with the Foundation's Office of Inspector General and in consultation with the recipient institution, may reduce the award funding amount or suspend or terminate the award if the Director determines—
(1) such institution fails to comply with the records retention requirement in subsection (b) or fails to provide information requested under this section; or
(2) the Chief of Research Security determines the disclosures under this section indicate a threat to research security.
(