Overview

What is Research Security Training (RST)?

Research Security Training is a federally required training program designed to help researchers identify and mitigate risks related to research security, including cybersecurity, foreign influence, disclosure requirements, intellectual property protection, and responsible international collaboration.

Why is Research Security Training required?

Section 10634 of the CHIPS and Science Act of 2022 requires certain individuals involved in federally funded research and development projects to complete research security training before participating in sponsored research activities.

Which federal sponsoring agencies require completion of Research Security Training (RST)?

This requirement has been included in several federal agency terms and conditions. Currently the requirement for Research Security Training (RST) includes National Science Foundation (NSF), National Institutes of Health (NIH), Department of Energy (DOE), Department of Defense (DOD), Department of Agriculture (USDA), and most recently announced, National Aeronautics and Space Administration (NASA).


Covered Individuals and Eligibility

Who must complete Research Security Training?

All individuals who meet the federal definition of a “covered individual” must complete Research Security Training.

What is a “covered individual”?

According to NSPM-33 Implementation Guidance, a covered individual is someone who:

  1. Contributes in a substantive and meaningful way to the scientific development or execution of a federally funded research and development project; and
  2. Is designated as a covered individual by the sponsoring federal agency.

Which project personnel are typically considered covered individuals?

Covered individuals may include:

  • Principal Investigators (PIs)
  • Co-Principal Investigators (Co-PIs)
  • Co-Investigators
  • Senior/Key Personnel
  • Other personnel specifically identified by the sponsoring agency

Are graduate students and postdoctoral researchers required to complete the training?

Not necessarily. Graduate students, postdoctoral researchers, fellows, mentors, and trainees may be required to complete training when they are identified as covered individuals on a proposal.


Timing and Compliance Requirements

When must Research Security Training be completed?

Covered individuals must complete Research Security Training within 12 months prior to proposal submission.

Can a proposal be submitted if required personnel have not completed the training?

No. All covered individuals required by sponsor regulations must have completed Research Security Training before the proposal can be submitted.

Can the training requirement be satisfied during the Just-in-Time (JIT) process?

No. The institution must certify at the time of proposal submission that all covered individuals have completed the training within the required timeframe.

Does this requirement apply only to new proposals or to existing awards as well?

Currently, the requirement applies to new proposal submissions.

Is Research Security Training a one-time requirement?

No. Research Security Training is not a one-time requirement. To meet federal sponsor requirements, covered individuals must have completed the training within the 12 months preceding proposal submission.

If more than 12 months have passed since you completed the training, you must retake it before participating in a proposal that requires Research Security Training.

Is Research Security Training an annual requirement?

Not exactly. The requirement is tied to proposal submission rather than a calendar year. Covered individuals must have completed the training within 12 months before a proposal is submitted.

For example:

  • If you complete training on March 1, 2026, you may use that training for proposals submitted through February 28, 2027.
  • If a proposal is submitted after that date, you must complete the training again before submission.

Common Compliance Scenarios

I completed Research Security Training prior to submission of my NIH R01. Do I have to take training again for my NIH R21?

Not necessarily. If your Research Security Training was completed within the previous 12 months, you may use the same training completion for the R21 submission. If more than 12 months have passed since completing the training, you must complete it again before the proposal is submitted.

I completed Research Security Training for my NSF submission. Do I have to take it again for my DOE submission?

Not necessarily. Research Security Training is portable across federal sponsors. If your training was completed within the previous 12 months, it will typically satisfy the requirement for another federal proposal. However, investigators should always review sponsor-specific requirements and institutional guidance.

I didn’t have to take Research Security Training for my HRSA submission. Why do I need to complete training for my NIH application?

Research Security Training requirements vary by sponsor and funding opportunity. HRSA does not require RST currently. Always review the funding announcement and institutional guidance for the specific proposal being submitted.

My training will expire a few days after the proposal deadline. Do I need to retake it before submission? No. The requirement is based on the proposal submission date. If your training was completed within the 12 months preceding submission, you meet the requirement even if the training expires shortly afterward.

My training was completed 12 months ago tomorrow, and my proposal is due today. Am I compliant?

Yes. The submission date is what matters, not the award date, review date, or project start date.


Training Content

What topics are covered in Research Security Training?

Research Security Training addresses:

  • Cybersecurity and protection of research data and systems
  • Foreign influence and foreign interference risks
  • Disclosure requirements and conflicts of interest
  • Intellectual property protection and management
  • Responsible international collaboration

Training Options and Equivalencies

Can Responsible Conduct of Research (RCR) training or other research integrity training substitute for Research Security Training?

No. Research Security Training is a separate federal requirement and must be completed through an approved research security training program. Completion of RCR training, CITI RCR courses, or other research integrity training does not satisfy this requirement.

Can the institution use a different Research Security Training course?

Institutions may select a federally acceptable training program that satisfies sponsor requirements. Researchers should complete the institutionally designated training unless instructed otherwise.

Are there other options for training?

UWM uses federally approved modules. UWM opted for this as it is broadly accepted by federal agencies and fulfills research security related training requirements. Researchers should complete the institutionally designated training unless instructed otherwise.


Subawards and Collaborating Institutions

Are subrecipient personnel required to complete Research Security Training?

Yes. Covered individuals named in a subrecipient’s proposal that is incorporated into the prime institution’s application must complete Research Security Training as required by the sponsor.

How is compliance verified for subrecipients?

The subrecipient institution’s authorized official certifies compliance through the signed Letter of Intent (LOI), subaward commitment form, or other required institutional documentation. The prime institution generally relies on these certifications rather than collecting individual training records.

What if a subrecipient institution does not offer its own training?

Many federal agencies make approved Research Security Training resources publicly available. Subrecipient personnel may complete an approved training program that meets sponsor requirements.