NSF SECURE Center · Cooperative Agreement No. 2403771
Research Security Briefing
Vol. 2, No. 9 | March 20, 2026

This Week at a Glance
Department of War Issues Updated Risk Matrix
ASCE 2026 Meeting Highlights
Protecting America’s S&T Ecosystem (Federation of American Scientists, 03/12/2026)

Department of War Issues Updated Risk Matrix

On March 9, 2026, the U.S. Department of War
(DoW) released an updated version of the Department’s “Component Decision Matrix to Inform Fundamental
Research Proposal Mitigation Decisions.” Pursuant to National Security
Presidential Memorandum 33 (NSPM-33) and the DoW’s January 2026 memo, “Fundamental
Research Security Initiatives and Implementation,” the updated Decision
Matrix includes the notice that: “Funds
appropriated for the DoW may not be used for grants, contracts, other transactions
or other assistance to an institution of higher education if the purpose is to
conduct fundamental research in collaboration with, or using equipment from
[emphasis added], any entity named on any of the ‘Prohibited Entity
Lists’ below. This funding prohibition also extends to the employees of such
institutions.”

“Prohibited Entity Lists” refers
to a compilation of 13 U.S. Government (USG) entity lists now included in the DoW
Decision Matrix, representing a significant increase from the four lists
previously included. Examples include, but are not limited to:
DoW 1286 List (previously included)
DoW 1260H List (previously included)
The Office of Foreign Assets Control (OFAC) Non-SDN Chinese Military-Industrial Complex Companies List
The Bureau of Industry and Security (BIS) Entity List (previously included) and Denied Persons List
The Department of Homeland Security Uyghur Forced Labor Prevention Act (UFLPA) Entity List

In the updated Decision Matrix, the
mitigation categories available for DoW Components have been reduced from five
categories to three: Prohibited factors; Mitigation measures required; and No
mitigation needed. Notably, risk factors that now require mitigation
measures include:
Within the past five years, the covered individual’s co-author(s) on publications in science and engineering journals are affiliated with an entity on any Prohibited Entity List at the time of review
Within the past five years, the covered individual’s co-author(s) on publications in scientific and engineering journals are participants in a malign foreign talent recruitment program (MFTRP) meeting any of the criteria defined in section 10638(4) of the CHIPS and Science Act of 2022.

Per the introductory text,
“Collaborations between covered individuals and international researchers do
not require mitigation if they do not involve any of the factors described in [the
matrix].”

During the Feb. 24-26 ASCE (Academic Security and Counter Exploitation) meeting, Kris Gardner, Director of Science and Technology Protection, indicated the implementation timeline would be within 60 days after the publication of the new matrix and would be considered on an award-by-award basis. In subsequent outreach it was confirmed that the prohibition on equipment was at the project level, not applicable to universities broadly, and that it applied to future awards. Additional information regarding the updated DoW Decision Matrix, and the Department’s implementation of it, will be provided in future Research Security Briefings, as it becomes available.

Research Security-Related Congressional Hearings

Several research-security related
congressional hearings are scheduled in March 2026, including:
Senate Judiciary Committee Hearing on “Stealth Stealing: China’s Ongoing Theft of U.S. Innovation.” Originally scheduled for Tuesday, March 17 at 10:15am ET, this event has been postponed.
House Select Committee on China Hearing on “From the Science Lab to the Medicine Cabinet: How China is Cornering the Market on Our Medicines” on Wednesday, March 18 at 10am ET
House Ed & Workforce Committee Hearing on Research Security on Thursday, March 26

In addition, the Senate Committee on Health, Education, Labor, and Pensions (HELP) recently held the hearing “Transparency and Trust: Exposing Malign Foreign Influence in Higher Education.”

House Committees Submit Letter to Department of State

A March 5, 2026, letter from the chairs of the U.S. House Select Committee on China, House Foreign Affairs Committee, and House Education and Workforce Committee urges U.S. Secretary of State Marco Rubio to determine whether chapters of the Chinese Students and Scholars Association (CSSA) operating on U.S. campuses should be designated as “foreign missions” under the Foreign Missions Act. The lawmakers argue that “The Chinese government uses student organizations like CSSA branches, which are organized and collectively overseen by the [People’s Republic of China] Ministry of Education and the [Chinese Communist Party’s] United Front Work Department (UFWD), to monitor, control, manipulate, and direct Chinese students abroad.” The letter requests a formal determination and analysis from the State Department on whether CSSA groups meet the legal criteria for foreign-mission designation, making them subject to greater transparency and regulatory oversight.

House Committee Chair Submits Letter to NSF

In a March 10, 2026, letter to Brian Stone, who is performing the duties of the Director, National Science Foundation (NSF), Representative John Moolenaar (R-MI), Chairman of the U.S. House Select Committee on China, calls for a possible pause of work underway by the NSF SECURE initiative, arguing that universities “now charged with designing systems and processes to protect taxpayer-funded research…have been collaborating with People’s Republic of China (PRC) defense research and industrial base entities, many of which are on various U.S. government national security entity lists….” Moolenaar requests that NSF conduct a comprehensive compliance review of institutions participating in the initiative, including their compliance with NSPM-33, Higher Education Act (HEA) Section 117, export controls laws, and the Wolf Amendment, and information related to the universities’ engagement with entities on any U.S. government entity list, collaborative research with PRC military-affiliated entities, and violations of the terms and conditions of the SECURE contract.

ASCE 2026 Meeting Highlights

The tenth annual Academic Security and
Counter Exploitation (ASCE) seminar took place February 24-26, at Texas A&M
University. Following are summaries of a few of the sessions offered.

ASCE Session: Research Security at the U.S. National Science Foundation

This presentation from Dr. Rebecca Spyke
Keiser, Chief of Research Security Strategy and Policy at the U.S. National
Science Foundation (NSF), highlighted ongoing efforts to strengthen research
security across the U.S. research enterprise, including implementation of National
Security Presidential Memorandum-33 (NSPM-33) and provisions of the CHIPS and
Science Act of 2022. Dr. Keiser reported that several key requirements are now
complete, including common disclosure forms, research security training modules,
and requirements related to participation in malign foreign talent recruitment
programs. The agency has also established the NSF SECURE Center to support the
research community with training, best practices, and tools, while the NSF SECURE
Analytics initiative provides data-driven support for institutional due diligence
and risk assessment.

Dr. Keiser discussed a renewed focus on
reducing administrative burden when applying for federal funding. For example,
there are malign foreign talent recruitment certifications and an increased focus
on comprehensive disclosure. She noted the interest in a common application portal
for applying for federal funding and that, while agencies have SciENcv as one
common function, there is a need to strategize more on easing administrative work.
The White House Office of Science and Technology Policy (OSTP) is also focusing on
reducing administrative burden. NIH and NSF have been meeting regularly with OSTP,
conducting a side-by-side comparison of all aspects of the proposal process. This
includes differences across agencies in what must be disclosed, how the agencies
handle conflicts of interest, and how to harmonize these efforts. In addition,
agencies are examining whether there are aspects of the proposal process that are
no longer needed. Dr. Keiser indicated that OSTP will broaden this effort to
other federal agencies through a National Science and Technology Council
subcommittee aimed at reducing administrative burden, mentioning recent COGR and
National Academies reports, and suggested options while welcoming additional
feedback.

Dr. Keiser also described updates to
NSF’s TRUST (Trusted Research Using Safeguards and Transparency) framework,
including a shift from a decision-tree model, which was extremely labor-intensive,
to a decision matrix for evaluating risk, expanding the lists of U.S. proscribed
entities, and continued attention to emerging technology areas such as quantum
information science and programs within the Technology, Innovation, and
Partnerships (TIP) directorate. Dr. Keiser’s presentation included a slide
depicting NSF’s expanded list of U.S. proscribed parties, comprised of
approximately 11 entity lists, mainly overlapping with the 13 prohibited entity
lists published in DoW’s recently updated risk matrix.

The presentation also addressed policy
questions surrounding international collaborations in fundamental research.
Dr. Keiser noted that, under the fundamental research exemption established by
National Security Decision Directive (NSDD) 189, there are currently no
restrictions on international collaborations if the research is intended for open
publication. However, recent analyses have identified cases where NSF-funded
researchers collaborated with entities appearing on U.S. proscribed or restricted
lists, prompting ongoing policy discussions across the federal government about
whether and how such collaborations should be addressed. Dr. Keiser noted that
agencies are actively discussing how to define “international
collaboration,” which could include exchanges of people, data, equipment, or
other items of value—not merely co-authorship—and whether additional
visibility into secondary collaborations or foreign subawards may be necessary.
These discussions, occurring through interagency coordination led by the National
Science and Technology Council, aim to balance research security concerns with the
continued openness and global engagement that underpin the U.S. research
enterprise.

Dr. Keiser also discussed the definition of
fundamental research writ large, noting that National Security Decision Directive
189 has been revisited, but not for several years. A JASON study commissioned by
NSF observed that the landscape is changing in terms of the scope and scale of
research, and that the time from fundamental research to application can now be on
the order of months rather than years. Dr. Keiser noted the need to consider
whether the definition is clear and that this conversation is taking place within
the interagency group. She indicated interest in convening a broader discussion on
the topic, including perspectives from those comfortable with the existing
definition and those who are not.

ASCE Session: NSF SECURE Center Overview

Dr. Beth Kolko, Director of the NSF SECURE
Center and Professor in the Department of Human Centered Design & Engineering
at the University of Washington, presented on the expanding work of the NSF SECURE
Center to help universities, research organizations, and industry partners
strengthen research security practices while maintaining the openness that
underpins the U.S. research enterprise. Established under the CHIPS and Science Act
of 2022, the Center provides tools, training, and community-driven resources
designed to help institutions navigate evolving federal research security
expectations associated with initiatives such as NSPM-33. Using a collaborative
“co-creation” model, the Center works with researchers, research
security administrators, and other compliance professionals to identify emerging
risks and develop practical guidance that institutions can incorporate into their
existing research security and due-diligence processes.

The NSF SECURE Center has developed a Shared
Virtual Environment (SVE), a secure online platform that serves as a clearinghouse
for research security resources and collaboration among institutions. The platform
includes a risk assessment framework that guides users through structured
questions to evaluate potential collaboration risks related to international
partnerships, critical technologies, data protection, export control
considerations, and cybersecurity concerns.

Additional resources include a Travel Center
providing guidance and checklists for international travel risk management,
available on the Center website as well as in the Shared Virtual Environment, and
a community forum where research security professionals can exchange information
and discuss evolving policy issues, such as federal restrictions affecting
research collaborations. The Center also produces research security briefings and
additional resources to help institutions interpret federal policy developments
and emerging research security topics.

Several pilot initiatives highlighted during
the session aim to further strengthen collaboration and information sharing across
the research security community. One pilot project introduces an Incident
Reporting System that allows institutions to report research security concerns or
incidents and contribute to a shared database intended to improve situational
awareness across the community. Another pilot effort is the Research Security
Mentorship Program, a six-month initiative designed to support professional
development and knowledge sharing among research security professionals. The
program provides participants with access to experienced mentors, a community of
practice, and opportunities to help shape the development of future NSF SECURE
Center tools and services.

Looking ahead, the NSF SECURE Center plans
to expand its offerings through rapid prototyping and community feedback, allowing
tools and resources to evolve quickly as policies and risks change. The Center is
also increasing engagement with small and medium-sized businesses, including
startups that participate in federally funded research programs. Planned resources
include contract-review tools that help organizations identify research security
risks, guidance on intellectual property strategies, and practical
“just-in-time” action plans for responding to emerging threats.
Through these combined efforts, the NSF SECURE Center aims to provide the research
community with shared infrastructure, expertise, and collaborative networks that
support secure and responsible international research partnerships.

ASCE Session: NSF SECURE Analytics Overview

Kevin Gamache (Texas A&M University
System), Dr. Glenn Tiffert (Hoover Institution, Stanford University) and Allen
DiPalma (University of Pittsburgh) highlighted the work to date of NSF SECURE
Analytics, including the development and beta testing of the Argus platform, a
tool designed to help organizations conduct due diligence on potential
collaborators and identify research security risks in international
partnerships. The team reported that development of the Argus minimal viable
product (MVP) has been completed and that an initial beta test with approximately
60 institutional partners produced encouraging results that are informing the next
phase of refinement and deployment. The platform is intended to support
institutional processes—not replace them—by providing structured
information that research security, export control, and research integrity
professionals can incorporate into their existing due-diligence workflows.

The six-week beta test ran from November 10
through December 19. Participants completed four structured case studies and
submitted responses through an online form, generating 128 case-study responses
and 18 additional comments. The exercises focused on identifying potential risk
indicators in research collaborations, including whether partners appear on U.S.
restricted party lists, whether collaborating sites are located in countries of
concern (China, Russia, Iran, or North Korea), whether lead investigators have
affiliations with restricted entities, and whether publications in sensitive
fields such as artificial intelligence or semiconductors involve co-authors from
restricted organizations.

Hypothetical scenarios included responding
to congressional inquiries about collaborations with foreign institutions,
evaluating partners for international clinical trials, and conducting due
diligence for a small business producing dual-use technology.

Feedback from the beta test was largely
positive. Participants reported that the platform was easy to navigate, that query
results were well structured and downloadable in PDF or CSV formats, and that
integrated restricted-party-list screening significantly accelerated institutional
due-diligence workflows. Prominent risk flags helped highlight potential concerns
and improved the usefulness of search results. At the same time, testers
identified several “trust thresholds” required for broader adoption,
including strong data integrity and entity-resolution capabilities, explainable
risk indicators, stable system performance and security, defensible documentation
suitable for leadership decision-making, and enterprise-scale search, filtering,
and reporting functions that allow users to drill down into underlying data.

The session also highlighted NSF SECURE
Analytics’ release of research security advisories that provide contextual analysis
of global science and technology ecosystems. Two advisories have been released to
date, one focused on China and another on Iran. The China advisory examines the
country’s state-directed approach to science and technology development,
including targeted R&D investment, large-scale national laboratory and
infrastructure projects, innovation clusters designed to promote technological
self-reliance, and expanded talent recruitment efforts alongside increasing
emphasis on intellectual property and technology transfer. The Iran advisory notes
that the United States remains Iran’s largest international research
partner, that numerous Iranian universities are linked to military or intelligence
systems, and that Iranian security organizations have been associated with cyber
activity targeting universities while the country deepens research ties with China
and Russia. A third advisory examining broader global trends in foreign talent
recruitment programs is expected in the future.

Looking ahead, the presenters emphasized
that addressing research security challenges requires coordinated efforts across
policy, operational practice, and technical analytics. The initiative brings
together partners including Texas A&M University, the Hoover Institution,
FINCH AI, and Elsevier, combining practice-based research security expertise,
geopolitical analysis, scalable entity-resolution analytics, and reliable
scholarly data. Future work aims to further advance capabilities that can help
universities, small businesses, and research organizations make more informed
decisions about collaborations while maintaining open and globally engaged
research environments.

ASCE Session: Federal Agency Research Security Update and Hot Topics

A federal panel including Dr. Rebecca Keiser
of the National Science Foundation (NSF), Kris Gardner of the Department of War
(DoW), Jeannette Singsen of the Department of Energy (DOE), and Dr. Patricia
Valdez of the National Institutes of Health (NIH) provided the latest agency
information on research security. The discussion was led by moderators Jessa
Albertson (Stanford University) and Drs. Holly Bante (University of Cincinnati)
and Lisa Nichols (University of Notre Dame).

On the topic of the status of research
security program (RSP) requirements, Dr. Keiser indicated the interagency group
(comprised of federal research funding agencies and other agencies and offices)
agrees on the requirements. They are coordinating with the White House Office of
Science and Technology Policy on next steps with the intent that everything can be
issued uniformly and not agency by agency.

Dr. Keiser suggested that the group hopes
institutions will have at least a year to implement the requirements and
understands the community needs adequate time to prepare. She indicated agencies
will provide plenty of notice on cybersecurity in particular. They want to give
advance notice of this first, as they understand this will be the “heavier
lift” for covered institutions. Agencies are working with the National
Institute of Standards and Technology (NIST) with respect to the cybersecurity
requirements developed in cooperation with institutions in an effort led by the
Federal Demonstration Partnership and EDUCAUSE.

Regarding RSP foreign travel security
requirements, under a shared memorandum of agreement (MOA), the approach agencies
have taken is to focus on risk-based travel registration/notification, similar to
agencies’ current approach to travel requirements in research security risk
mitigation plans. The MOA has not been formally released, and the agencies will
let the community know if there are changes. There was a brief discussion of the
foreign travel training requirement and incorporating this into the research
security training. Regarding institutional certification of research security
programs, there will be a single (government-wide) certification for each entity.
There was discussion on whether audits or assessments of RSPs would occur, e.g.,
by agency Inspectors General. The panelists indicated that this is something
they envision happening, possibly led by a single agency.

Regarding NSF efforts, Dr. Keiser indicated
the agency will scale up research security analytics during proposal review. She
suggested that institutions could perform analytics in advance of submission. NSF
will conduct analytics on receipt, identifying issues prior to fuller merit
review.

Jeannette Singsen provided the DOE update.
Regarding the DOE Current and Pending Support Addendum form, the agency is
employing this for proposals with more sensitive technologies. DOE will also be
checking back on progress with risk mitigation. DoW previously announced similar
plans. There was a question about whether researchers could use the same
mitigation plan rather than multiple plans within or across agencies. DOE and
other agencies seemed amenable to looking into this approach.

Kris Gardner indicated the DoW is updating
its matrix for fundamental research risk reviews in an effort to simplify it. He
noted the 1260H list was being updated and would become a prohibition, including a
prohibition on using equipment from the entities on this list. It was suggested
that the implementation timeline would be 60 days after the publication of the new
matrix (published March 9) and would be considered on an award basis. Per a
January memo, the Department will conduct annual reviews of risk mitigation plans
as well as 25% of projects without mitigation. Gardner indicated that greater
consistency in the risk mitigation process is making it go faster but also noted
that some institutions are being contacted for the first time and are not sure how
to proceed. He suggested it could be helpful for institutions to share this
information. The moderators noted that this is a project currently underway with
the NSF SECURE Center, including redacted agency letters and email communications,
case studies, and a database with details on the circumstances, process, timeline
and outcomes of the risk review and mitigation process.

NIH discussed the agency’s
implementation of the Common Forms for disclosure and additional case studies the
agency has published. Dr. Valdez indicated that, since 2018, NIH has had
approximately 700 reports of potential research security-related noncompliance
(e.g., potential non-disclosure, foreign components, and financial conflicts of
interest) and that NIH has contacted institutions regarding 271 of those reports.
Presently, about 50% involve self-disclosure from the institution.

On the topic of measuring the impact of
federal research security activities, it was noted that there has been a
significant decline in engagement with China but that the community needs to look
beyond the numbers and look at outcomes and impact (e.g., publications, citations,
impact, and quality). The panel briefly discussed how the agencies protect the
information that universities and individuals provide under risk mitigation plans;
NSF referenced their System of Records Notice (SORN), as well as the challenge of
ensuring that risk mitigation requirements do not unfairly diminish a
researcher’s reputation/career.

Agencies are meeting with their equivalents in other countries, including through the G7 and OECD Global Science Forum. In addition, agency representatives noted that the National Science and Technology Council was reconvening the research security subcommittee as a means to address administrative burden, noting this would be a principal focus. Agencies also cited last year’s National Academies report on this topic and Council on Governmental Relations (COGR) resources.

Regulated Research Community of Practice (RRCoP) Webinar

“Enhancing Institutional Cybersecurity Through 14 Controls”
Presented By: Michael Corn, Vantage Technology Consulting Group

As part of its standard training series, the Regulated Research Community of Practice (RRCoP) recently hosted a webinar on cybersecurity. Following is RRCoP’s description of the event:

Institutions are encouraged to think carefully about cybersecurity. This effort is driven by the ever-growing number of cyber incidents, emerging requirements like NSPM-33, internal assessments within institutions, and external requirements from funding agencies. Toward this end, it is useful to look at what NSF has added for larger projects. In September, NSF updated its research infrastructure guide to include 14 specific controls. Corn will be providing an overview of what they are, how they're intended to be understood, and discuss the implications of each control for institutions and security practitioners. In short, Corn argues - pay attention, but don't panic.

COGR February 2026 Virtual Meeting Materials Available

The COGR virtual meeting took place February 24-27, 2026. Slide presentations and session recordings are available on the COGR website. Note that you must be logged into the COGR Portal in order to view the recordings and recordings are available to registered attendees only.

CITI Program Adds RCR/RECR Research Security Training Supplement

Starting March 19, 2026, the CITI Program will offer the Responsible and Ethical Conduct of Research (RECR) Research Security Training Supplement as part of its Research Security offerings. This supplement is already included in the NSF SECURE Center’s Consolidated Training Module 1.2 (CTM 1.2). The supplement has been converted from its current PDF format into an online, interactive module. This release enables institutions that subscribe to CITI Program’s Research Security and Responsible Conduct of Research (RCR) series to incorporate the module into their relevant RCR courses.

Protecting America’s S&T Ecosystem (Federation of American Scientists, 03/12/2026)

This article from the Federation of American Scientists (FAS) tackles the complex issue of protecting fundamental research while ensuring its security. Historical background and government directives with regulatory context are summarized. Several areas of confusion or lack of clarity regarding basic definitions are also detailed. The article concludes with a proposed plan of action based on five key recommendations. FAS started after World War II and is now a group of “hundreds of scientists across diverse disciplines who joined together to advance science policy and counter scientific misinformation.”

Registration Open for May 2026 In-Person FDP Meeting

Registration is now open for the in-person May 2026 Federal Demonstration Partnership (FDP) meeting at the Mayflower Hotel in Washington, DC. The meeting starts on Wednesday, May 27th, and concludes approximately noon Friday, May 29th. Information regarding research security-related sessions will be provided as agenda details become available.

Texas A&M University’s Research and Innovation Security and Competitiveness (RISC) Institute disseminates weekly RISC Media Bulletins, covering topics related to research security, foreign influence, and the intersection of science, technology, and national security. To join the distribution list for the RISC Bulletin or view previous editions, click here.

Research Security Officers Sought for Input on Visiting Scholar Resources

Research Security Officers or leads at universities, non-profits or other research institutions that receive federal research funding are invited to volunteer for short SECURE Center virtual feedback sessions to gather perspectives on draft materials related to visiting scholars such as guidance, intake forms, invitation letters and terms and conditions. Participation directly informs these materials with the goal of creating templates for use by the broader community. Sessions are currently scheduled for:
Thursday, March 26, 10am-11am EDT
Friday, March 27, 9-10 am EDT
Friday, March 27, 11am-12pm EDT
Monday, March 30, 10am-11am EDT

Those interested in participating should contact NSF SECURE Center staff at researchsecurity@nd.edu.

Shared Virtual Environment (SVE) Website Access

Are you a member of the NSF SECURE Center’s Shared Virtual Environment (SVE)? The NSF SECURE Center website now includes a direct login for the SVE—still using the two-factor security protocol. Not a member yet? Request access from the same site. Within the SVE, members can engage in the Community Forum to connect, ask questions, and work through challenges together, access NSF SECURE Center resources, and more.

Research Security 101 Webinar Recording Now Available

A recording is now available of the February 17, 2026, NSF SECURE Center webinar, “Research Security 101: From ‘Foreign Influence’ to the CHIPS and Science Act.” The session, led by Lori Schultz, Co-Director of the NSF SECURE Center Southwest Region and Assistant Vice President for Research Administration at Colorado State University, covered foreign influence/research security in the context of higher education institutions, from universities first learning about the issue through today, including the DOJ China Initiative, NSPM-33 and the definition of research security programs, and the CHIPS and Science Act.

NSF SECURE Center Calendar of Events

Each week, the NSF SECURE Center hosts events through the National and Regional Centers, including co-creation workshops, educational, and engagement sessions with the research community. The events calendar provides more information about these opportunities and more.

SECURE Center
Safeguarding the Entire Community in the U.S. Research Ecosystem
University of Washington, Seattle, WA
Supported by NSF award #2403771

Any opinions, findings and conclusions or recommendations expressed are those of the author(s) and do not necessarily reflect the views of the U.S. National Science Foundation or other U.S. Government Agencies.