Login
Home / Areas of Service / Research Security / Federal Agency Reviews of Fundamental Research

Federal Agency Reviews of Fundamental Research

In response to federal regulations regarding safeguarding the research enterprise, federal research sponsors have implemented, or are implementing, research security risk reviews of fundamental research proposals. These risk reviews are distinct from the scientific and peer review processes and are intended to occur once a proposal has been selected as a candidate for funding.

While the agencies have different approaches to risk reviews and risk mitigation requirements (see below), all federal research sponsors:

  • Prohibit Covered Individuals, including Senior/Key personnel, from participating in Malign Foreign Talent Recruitment Programs (MFTRPs). Covered Individuals applying for or participating in sponsored projects funded by the U.S. government may not participate in MFTRPs. See Penn’s Foreign Talent Recruitment Program page and Sponsored Programs Policy 2145 for more information.
  • View the following as factors that may require risk mitigation measures as a condition of an award:
    • Indicators of active funding from a Foreign Country of Concern (FCOC; currently defined as China, Iran, North Korea, and Russia) or an FCOC-connected entity.
    • Indicators of active affiliations/associations with individuals or entities on Restricted Party Lists*.

Examples of Risk Mitigation Measures

If the federal research sponsor identifies risk indicators, they may request that a Risk Mitigation Plan be put in place prior to award, or include specific risk mitigation measures in the terms and conditions of the award. Specific risk mitigation measures vary depending on the agency, project, and indicators identified during review, and may include (among others):

  • Additional research security training.
  • Prior notification of international travel, including personal travel in some cases.
  • Reporting suspicious inquiries.
  • Concurrence from the sponsor on any planned international collaborations or co-authorships associated with the award.
  • Discontinuation of certain international collaborations for the duration of the award.
  • Ceasing certain associations or affiliations.

If you receive notification that a security review identified potential risk indicators that require mitigation, please contact: PennResearchSecurity@pobox.upenn.edu.

Specific Agency Frameworks

In 2023, DoD issued a policy for risk-based security reviews of fundamental research, documenting how DoD components evaluate undue foreign influence risk factors when reviewing proposals for fundamental research. This risk matrix outlines certain indicators, such as participation in “non-malign” Foreign Talent Recruitment Programs and/or associations and affiliations with institutions on Restricted Party Lists, that require risk mitigation or, if no mitigation is possible, rejection of the proposal.

The current risk matrix may be found here.

In November 2024, the Department of Energy (DOE) published a memo outlining DOE's approach to Research Technology and Economic Security (RTES) risk for financial assistance and loan activities, including an overview of DOE's process, high-level risk factors, and mitigation. To address risk across DOE activities, effective May 1, 2025, Covered Individuals (e.g., PIs, Co-PIs, Senior/Key Personnel) must certify that they have completed Research Security Training within 12 months prior to submitting a proposal.

The memo, which includes DOE-specific definitions, can be found here.
Penn's Research Security Training can be found here.

NSF is currently piloting the TRUST (Trusted Research Using Safeguards and Transparency) proposal assessment process. The TRUST framework is a decision-tree approach to assess research proposals and ongoing projects for 1) concerning appointments (e.g., MFTRP participation, and research support; 2) non-compliance with disclosure and other requirements; and 3) potential risks to national security.

The pilot program is applying the TRUST framework to quantum-related proposals after they undergo merit review and may expand the framework to include other areas in the future. See NSF’s TRUST Policy Memo for more information.

NSF will also be implementing a Research Security Training requirement in the upcoming PAPPG. Penn's Research Security Training can be found here.

NIH released a decision matrix for assessing potential foreign interference. Under current NIH policy, Principal Investigators and Key Personnel may participate in foreign research grants and/or foreign employment but may not participate in MFTRPs. NIH may require mitigation measures as a condition of an award if there are indicators of active participation in an MFTRP, undisclosed/incompletely disclosed funding from an FCOC or FCOC-connected entity, or undisclosed/incompletely disclosed affiliation with an institution or entity located in or connected to an FCOC.

For a more detailed description of NIH’s approach, see here.

________

* U.S. government agencies maintain lists of individuals and entities that have committed export violations or other offenses or have been deemed to engage in behavior contrary to U.S. policy and national security. These lists are collectively referred to as “Restricted Party Lists.”

If you would like to proactively screen prospective or current collaborations, associations, affiliations, etc., against Restricted Party Lists, please send your request, along with the name of the individual(s), institution(s), and country(ies), to expctrl@lists.upenn.edu. (See Restricted Party Screening at Penn for more information.)

icon-arrowicon-circlesicon-docicon-downloadicon-externalicon-lettericon-lockicon-magnifiericon-pdficon-phoneicon-resourceicon-xls