Research Security: How Sponsors Categorize Risk
Each federal funding agency has or will publish an agency specific rules regarding their approach to research security reviews to identify potential conflicts of interest and conflicts of commitment arising from foreign influence. The agencies’ programs outline what types of international activities that may or will require risk mitigation.
Agency Risk Matrix
The chart below provides a general overview of the risk factors considered by federal agencies, either due to their published programs or to NC State’s experience. While there are differences in how each agency determines risk, they are all concerned about the following, especially if involving a Foreign Country of Concern:
- Undisclosed support,
- Undisclosed affiliations and,
- Participation in Foreign Talent Recruitment Programs that are considered Malign.
In accordance with REG 01.25.01 – Conflicts of Interest and Conflicts of Commitment, NC State personnel serving as Senior/Key Personnel on sponsored research projects are required to disclose support for External Professional Activities, including accepting formal appointments and participation in Foreign Talent Recruitment Programs. For more information about these disclosure obligations, please visit External Professional Activities: Procedure and Guidance | Research Administration and Compliance.
Note: This chart is not intended to be comprehensive, but to give a general framework of the common risk factors. For Agency specific rules and considerations, see detailed information below.
***Chart Coming Soon***
Agency Detailed Information
Department of Defense
In June 2023, the Department of Defense (DoD) released its decision matrix for countering unwanted foreign influence as part of a Risk-Based Security Reviews policy. The policy identifies 4 risk factors: (1) foreign talent recruitment program participation; (2) funding sources from foreign countries of concern; (3) patent applications or patents filed outside the US; and (4) association or affiliation with an entity on US entity lists like the BIS Entity list and section 1286 of the 2019 NDAA (for the full description of these lists, please see the link below). Co-authorship with individuals on entity lists or the BIS Denied Persons List is considered a risk factor.
Key Links:
- Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions
- Section 1286 List – This document includes both Entities identified by the DOD as Entities of Concern and Specific Foreign Talent Recruitment Programs that are considered Malign. When reviewing institutions for External Professional Activities or sponsored research, NC State includes the Section 1286 list to identify Entities of Concern.
- Science and Technology (S&T) Program Protection
- Policy on Risk-Based Security Reviews of Fundamental Research
- DOD Under Secretary of Defense Letter to Academia 10/10/2019
Defense Advanced Research Projects Agency
Per a December 2023 memorandum, the Defense Advanced Research Projects Agency (DARPA) has adopted the above DoD Risk-Based Security Reviews policy and decision matrix. This policy replaces the previously established Countering Foreign Influence Program (CFIP) policy, DARPA Risk Rubric, and FAQs. In May, 2024, DARPA published updated FAQs to address how it is implementing the DoD policy.
U.S. Army
The US Army has not yet adopted the DoD Risk-Based Security Reviews policy and continues to use the Army Research Risk Assessment Program (ARRP) matrix for Senior/Key Personnel. The ARRP identifies 4 risk factors: (1) participation in foreign talent recruitment programs of strategic competitors; (2) affiliation or association with entities on US government entity lists; (3) funding from strategic competitors; and (4) affiliation, association, or collaboration with a foreign institution, person, or entity from a strategic competitor. Co-authorship is considered a form of collaboration by the ARRP.
Key Links:
Department of Energy and National Nuclear Security Administration
In November 2024, DOE issued its Research, Technology and Economic Security Framework for Financial Assistance. The framework document lays out the review process that DOE will follow and the risk factors it will consider when evaluating proposals for research security concerns. DOE considers the following risk factors when reviewing proposed Senior/Key Personnel: 1) ties to malign foreign talent recruitment programs, 2) certain foreign funding sources (both monetary and in-kind), 3) certain concerning behaviors associated with patenting (e.g., transferring to foreign entities after filing), and 4) ties to foreign entities or foreign collaborators on specified lists or with specified characteristics. Foreign birth and citizenship do not, in and of themselves, constitute risk factors.
In October 2024, DOE issued the FAL 2025-02, establishing a Research Security Training requirement for all Senior/Key Personnel on DOE proposals. Starting May 1, 2025, all listed Senior/Key Personnel will have to certify they have taken research security training consistent with the CHIPS and Science Act of 2022. See the Research Security Training Page (Coming Soon) for more information on how to meet this requirement.
Key Links:
National Science Foundation (NSF)
The National Science Foundation has detailed a new risk mitigation process called Trusted Research Using Safeguards and Transparency (TRUST). TRUST will first be piloted with quantum related proposals in October 2024 before being applied more widely. NSF is reviewing 3 factors through TRUST: (1) active appointments and positions with or research support from proscribed parties including participation in Malign Foreign Talent Recruitment Programs; (2) non-disclosure of appointments, activities, and sources of research support; and (3) potential national security applications of the research. NSF is reviewing disclosures from January 2022 when implementation plans for NSPM-33 were released. NSF is not using co-authorship as a risk factor at this time.