Part D—NSF Research Security

§19031. Office of Research Security and Policy

The Director shall maintain a Research Security and Policy office within the Office of the Director with not fewer than four full-time equivalent positions, in addition to the Chief of Research Security established pursuant to section 19032 of this title. The functions of the Research Security and Policy office shall be to coordinate all research security policy issues across the Foundation, including by—

(1) consulting and coordinating with the Foundation Office of Inspector General, with other Federal research agencies, and intelligence and law enforcement agencies, and the National Science and Technology Council, as appropriate, in accordance with the authority provided under section 1746 of the National Defense Authorization Act for Fiscal Year 2020 (Public Law 116–92; 42 U.S.C. 6601 note), to identify and address potential security risks that threaten research integrity and other risks to the research enterprise and to develop research security policy and best practices, taking into account the policy guidelines to be issued by the Director of the Office of Science and Technology Policy under section 19231 of this title;

(2) serving as a resource at the Foundation for all issues related to the security and integrity of the conduct of Foundation-supported research;

(3) conducting outreach and education activities for recipients on research policies and potential security risks and on policies and activities to protect intellectual property and information about critical technologies relevant to national security, consistent with the controls relevant to the grant or award;

(4) educating Foundation program managers and other directorate staff on evaluating Foundation awards and recipients for potential security risks;

(5) communicating reporting and disclosure requirements to recipients and applicants for funding;

(6) performing risk assessments, in consultation, as appropriate, with other Federal agencies, of Foundation proposals and awards using analytical tools to assess nondisclosures of required information;

(7) establishing policies and procedures for identifying, communicating, and addressing security risks that threaten the integrity of Foundation-supported research and development, working in consultation, as appropriate, with other Federal agencies, to ensure compliance with National Security Presidential Memorandum–33 (relating to strengthening protections of United States Government-supported research and development against foreign government interference and exploitation) or a successor policy document; and

(8) in accordance with relevant policies of the agency, conducting or facilitating due diligence with regard to applications for research and development awards from the Foundation prior to making such awards.

(Pub. L. 117–167, div. B, title III, §10331, Aug. 9, 2022, 136 Stat. 1551.)

§19032. Chief of Research Security

The Director shall appoint a senior agency official within the Office of the Director as a Chief of Research Security, whose primary responsibility shall be to manage the office established under section 19031 of this title.

(Pub. L. 117–167, div. B, title III, §10332, Aug. 9, 2022, 136 Stat. 1552.)

§19033. Reporting to Congress

(a) Report on resource needs

Not later than 180 days after August 9, 2022, the Director shall provide a report to the Committee on Science, Space, and Technology of the House of Representatives, the Committee on Commerce, Science, and Transportation of the Senate, the Committee on Appropriations of the House of Representatives, and the Committee on Appropriations of the Senate on the resources and the number of full time ¹ employees needed to carry out the functions of the office established in section 19031 of this title.

(b) Annual report on Office activities

(1) In general

Not later than one year after August 9, 2022, and annually thereafter, the Director shall submit to Congress a report on the activities carried out by the Office of Research Security, detailing—

(A) a description of the activities conducted by the Office, including administrative actions taken;

(B) such recommendations as the Director may have for legislative or administrative action relating to improving research security;

(C) identification and discussion of the gaps in legal authorities that need to be improved to enhance the security of institutions of higher education performing research supported by the Foundation; and

(D) information on Foundation Inspector General cases, as appropriate, relating to undue influence and security threats to research and development activities funded by the Foundation, including theft of property or intellectual property relating to a project funded by the Foundation at an institution of higher education.

(2) Form

The report submitted under paragraph (1) shall be submitted in both unclassified and classified formats, as appropriate.

(Pub. L. 117–167, div. B, title III, §10333, Aug. 9, 2022, 136 Stat. 1552.)

¹ So in original. Probably should be "full-time".

§19034. Online resource

The Director shall develop an online resource hosted on the Foundation's website containing up-to-date information, tailored for institutions and individual researchers, including—

(1) an explanation of Foundation research security policies;

(2) unclassified guidance on potential security risks that threaten research integrity and other risks to the research enterprise;

(3) examples of beneficial international collaborations and how such collaborations differ from foreign government interference efforts that threaten research integrity;

(4) best practices for mitigating security risks that threaten research integrity; and

(5) additional reference materials, including tools that assist organizations seeking Foundation funding and awardees in information disclosure to the Foundation.

(Pub. L. 117–167, div. B, title III, §10334, Aug. 9, 2022, 136 Stat. 1552.)

§19035. Research awards

The Director shall continue to make awards, on a competitive basis, to institutions of higher education or non-profit organizations (or consortia of such institutions or organizations) to support research on the conduct of research and the research environment, including research on research misconduct or breaches of research integrity and detrimental research practices.

(Pub. L. 117–167, div. B, title III, §10335, Aug. 9, 2022, 136 Stat. 1553.)

§19036. Authorities

In addition to existing authorities for preventing waste, fraud, abuse, and mismanagement of Federal funds, the Director, acting through the Office of Research Security and Policy and in coordination with the Foundation's Office of Inspector General, shall have the authority to conduct risk assessments, including through the use of open-source analysis and analytical tools, of research and development award applications and disclosures to the Foundation.

(Pub. L. 117–167, div. B, title III, §10336, Aug. 9, 2022, 136 Stat. 1553.)

§19037. Research security and integrity information sharing analysis organization

(a) Establishment

The Director shall enter into an agreement with a qualified independent organization to establish a research security and integrity information sharing analysis organization (referred to in this section as the "RSI-ISAO"), which shall include members described in subsection (d) and carry out the duties described in subsection (b).

(b) Duties

The RSI-ISAO shall—

(1) serve as a clearinghouse for information to help enable the members and other entities in the research community to understand the context of their research and identify improper or illegal efforts by foreign entities to obtain research results, know how, materials, and intellectual property;

(2) develop a set of standard risk assessment frameworks and best practices, relevant to the research community, to assess research security risks in different contexts;

(3) share information concerning security threats and lessons learned from protection and response efforts through forums and other forms of communication;

(4) provide timely reports on research security risks to provide situational awareness tailored to the research and STEM education community;

(5) provide training and support, including through webinars, for relevant faculty and staff employed by institutions of higher education on topics relevant to research security risks and response;

(6) enable standardized information gathering and data compilation, storage, and analysis for compiled incident reports;

(7) support analysis of patterns of risk and identification of bad actors and enhance the ability of members to prevent and respond to research security risks; and

(8) take other appropriate steps to enhance research security.

(c) Funding

The Foundation may provide initial funds toward the RSI-ISAO but shall seek to have the fees authorized in subsection (d)(2) cover the costs of operations at the earliest practicable time.

(d) Membership

(1) In general

The RSI-ISAO shall serve and include members representing institutions of higher education, nonprofit research institutions, and small and medium-sized businesses.

(2) Fees

As soon as practicable, members of the RSI-ISAO shall be charged an annual rate to enable the RSI-ISAO to cover its costs. Rates shall be set on a sliding scale based on research and development expenditures to ensure that membership is accessible to a diverse community of stakeholders and ensure broad participation. The RSI-ISAO shall develop a plan to sustain the RSI-ISAO without Federal funding, as practicable.

(e) Board of directors

The RSI-ISAO may establish a board of directors to provide guidance for policies, legal issues, and plans and strategies of the entity's operations. The board shall include a diverse group of stakeholders representing the research community, including academia, industry, and experienced research security administrators.

(f) Stakeholder engagement

In establishing the RSI-ISAO under this section, the Director shall take necessary steps to ensure the services provided are aligned with the needs of the research community, including by—

(1) convening a series of workshops or other multi-stakeholder events; or

(2) publishing a description of the services the RSI-ISAO intends to provide and the requirements for membership in the Federal Register and provide an opportunity for submission of public comments for a period of not less than 60 days.

(Pub. L. 117–167, div. B, title III, §10338, Aug. 9, 2022, 136 Stat. 1553.)

§19038. Plan with respect to controlled information and background screening

(a) In general

Not later than 180 days after August 9, 2022, the Director, in consultation with the Director of National Intelligence and, as appropriate, other Federal agencies, shall develop a plan to—

(1) identify research areas supported by the Foundation, including in the key technology focus areas, that may involve access to controlled unclassified or classified information, including in the key technology focus areas; and

(2) exercise due diligence in granting access, as appropriate, to the CUI or classified information identified under paragraph (1) to individuals working on such research who are employees of the Foundation or covered individuals on research and development awards funded by the Foundation.

(b) Definitions

In this section:

(1) Classified information

The term "classified information" means any information that has been determined pursuant to Executive Order 13526, any predecessor or successor order, or sections 1-274, 275-321, and 1001-3115 of the Atomic Energy Act of 1954 (42 U.S.C. 2011-2021, 2022-2286i, 2296a-2297h-13) ¹ to require protection against unauthorized disclosure and that is so designated.

(2) Controlled unclassified information

The term "controlled unclassified information" or "CUI" means information described as "Controlled Unclassified Information" under Executive Order 13556 or any successor order, to require protection against unauthorized disclosure and that is so designated.

(Pub. L. 117–167, div. B, title III, §10339, Aug. 9, 2022, 136 Stat. 1554.)

Editorial Notes

References in Text

Executive Order 13526, referred to in subsec. (b)(1), is set out as a note under section 3161 of Title 50, War and National Defense.

The Atomic Energy Act of 1954, referred to in subsec. (b)(1), is act Aug. 1, 1946, ch. 724, as added by act Aug. 30, 1954, ch. 1073, §1, 68 Stat. 919, which is classified principally to chapter 23 (§2011 et seq.) of this title. Some of the Code sections referred to in subsec. (b)(1) are not part of the Act, and some of the Code sections that are part of the Act have been repealed. For complete classification of this Act to the Code, see Short Title note set out under section 2011 of this title and Tables.

Executive Order 13556, referred to in subsec. (b)(2), is set out as a note under section 3501 of Title 44, Public Printing and Documents.

¹ See References in Text note below.

§19039. Foundation funding to institutions hosting or supporting Confucius Institutes

(a) Confucius Institute defined

In this section the term "Confucius Institute" means a cultural institute established as a partnership between a United States institution of higher education and a Chinese institution of higher education to promote and teach Chinese language and culture that is funded, directly or indirectly, by the Government of the People's Republic of China.

(b) Restrictions of Confucius Institutes

Except as provided in subsection (d), none of the funds made available to the Foundation under this division or division A, or an amendment made by this division or division A, may be obligated or expended to an institution of higher education that maintains a contract or agreement between the institution and a Confucius Institute, unless the Director, after consultation with the National Academies, determines such a waiver is appropriate in accordance with subsection (c).

(c) Waiver

The Director, after consultation with the National Academies, may issue a waiver for an institution of higher education that maintains a contract or agreement between the institution and a Confucius Institute if such contract or agreement includes clear provisions that—

(1) protect academic freedom at the institution;

(2) prohibit the application of any foreign law on any campus of the institution;

(3) grant full managerial authority of the Confucius Institute to the institution, including full control over what is being taught, the activities carried out, the research awards that are made, and who is employed at the Confucius Institute; and

(4) prohibit co-location with the institution's Chinese language, history, and cultural programs and require separate promotional materials.

(d) Special rule

(1) In general

Notwithstanding any other provision of this section, this section shall not apply to an institution of higher education if that institution has fulfilled the requirements for a waiver from the Department of Defense as described under section 1062 of the National Defense Authorization Act for Fiscal Year 2021 (Public Law 116–283).

(2) Exception

Notwithstanding any other provision of this section, the prohibition under subsection (b) shall not apply to amounts provided to students as educational assistance.

(e) Effective date

The limitation under subsection (b) shall apply with respect to the first fiscal year that begins after the date that is two years after August 9, 2022, and to any subsequent fiscal year subject to subsection (f).

(f) Sunset

This section shall cease to be effective on the date that is five years after August 9, 2022.

(Pub. L. 117–167, div. B, title III, §10339A, Aug. 9, 2022, 136 Stat. 1555.)

Editorial Notes

References in Text

This division, referred to in subsec. (b), is div. B of Pub. L. 117–167, Aug. 9, 2022, 136 Stat. 1399, which enacted this chapter and enacted, amended, and repealed numerous other sections and notes in the Code. For complete classification of div. B to the Code, see Short Title note set out under section 18901 of this title and Tables.

Division A, referred to in subsec. (b), is div. A of Pub. L. 117–167, Aug. 9, 2022, 136 Stat. 1372, known as the CHIPS Act of 2022. For complete classification of div. A to the Code, see Short Title of 2022 Amendment note set out under section 4651 of Title 15, Commerce and Trade, and Tables.

Section 1062 of the National Defense Authorization Act for Fiscal Year 2021, referred to in subsec. (d)(1), probably means section 1062 of Pub. L. 116–283, known as the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021, which is set out as a note under section 2241 of Title 10, Armed Forces.

§19040. Foreign financial support

(a) In general

The Director shall request, on an annual basis, from a recipient institution of higher education a disclosure, in the form of a summary document, from the institution, a foundation of the institution, and related entities such as any educational, cultural, or language entity, of the current financial support, the value of which is $50,000 or more, including gifts and contracts, received directly or indirectly from a foreign source (as such term is defined in section 1011f(h)(2) of title 20) associated with a foreign country of concern.

(b) Records

Each disclosure to the Director under this section shall be made on the condition that the institution will maintain a true copy of the relevant records subject to the disclosure requirement until the latest of—

(1) the date that is four years after the date of the agreement;

(2) the date on which the agreement terminates; or

(3) the last day of any period that applicable State public record law requires a true copy of such agreement to be maintained.

(c) Documentation

Upon review of the disclosures under this section, the Director may request that a recipient institution provide true copies of any contracts, agreements, or documentation of financial transactions associated with disclosures made under this section.

(d) Office of the Inspector General

The Director, acting through the Office of Research Security and Policy in coordination with the Foundation's Office of Inspector General and in consultation with the recipient institution, may reduce the award funding amount or suspend or terminate the award if the Director determines—

(1) such institution fails to comply with the records retention requirement in subsection (b) or fails to provide information requested under this section; or

(2) the Chief of Research Security determines the disclosures under this section indicate a threat to research security.

(Pub. L. 117–167, div. B, title III, §10339B, Aug. 9, 2022, 136 Stat. 1556.)