National Security Presidential Memorandum 33 (NSPM-33) represents the most significant shift in federal research security policy in decades. For research institutions and individual researchers, understanding these requirements isn't optional—it's essential for maintaining access to federal funding and protecting your institution's reputation.
This guide breaks down the key requirements of NSPM-33, explains what they mean for your institution, and provides practical strategies for achieving and maintaining compliance.
What is NSPM-33?
NSPM-33, formally titled "United States Government-Supported Research and Development National Security Policy," was signed in January 2021 and provides implementation guidance released by the Office of Science and Technology Policy (OSTP). It establishes a comprehensive framework for protecting federally funded research from foreign government interference while maintaining the open research environment essential for scientific progress.
Key Objectives of NSPM-33:
- Strengthen protections for U.S. government-supported R&D against foreign interference
- Standardize disclosure requirements across federal funding agencies
- Clarify roles and responsibilities for researchers and institutions
- Promote research security while preserving international collaboration
- Establish consistent approaches to risk assessment and mitigation
Important Context: NSPM-33 is not about limiting legitimate international collaboration. It's about ensuring transparency and protecting sensitive research from exploitation by foreign governments seeking to gain unfair advantages through inappropriate means.
The Four Pillars of NSPM-33
NSPM-33 is built on four interconnected pillars that together create a comprehensive research security framework:
Disclosure Requirements
Standardized requirements for researchers to disclose current and pending support, affiliations, and other commitments that could affect federally funded research.
Digital Persistent Identifiers
Use of unique identifiers (like ORCiD) to accurately track researcher contributions and affiliations across funding applications and publications.
Research Security Programs
Requirements for institutions to establish comprehensive research security programs with designated personnel and clear procedures.
Information Sharing
Enhanced communication between federal agencies, research institutions, and the research community about threats and best practices.
Disclosure Requirements in Detail
The disclosure requirements are often the most directly impactful aspect of NSPM-33 for individual researchers. Understanding exactly what must be disclosed is critical for compliance.
Current and Pending Support
Researchers must disclose all current and pending sources of support, including:
All research funding regardless of source, including foreign government support
Equipment, supplies, personnel, or other non-monetary support for research
All professional appointments and their associated time commitments
All positions at other institutions, including visiting appointments
Participation in Foreign Talent Programs
Special attention is given to foreign government-sponsored talent recruitment programs, which may:
- Require transfer of intellectual property to foreign entities
- Create conflicting obligations with U.S. funding requirements
- Involve undisclosed compensation or support
- Restrict publication or sharing of research results
Common Disclosure Mistakes to Avoid:
- Omitting "small" or "informal" foreign appointments
- Failing to disclose support that doesn't involve direct payment
- Not updating disclosures when circumstances change
- Assuming institutional knowledge substitutes for formal disclosure
Institutional Requirements
NSPM-33 places significant responsibilities on research institutions, not just individual researchers. Institutions receiving substantial federal research funding must:
Establish a Research Security Program
Institutions must create formal programs to:
- Identify and assess research security risks
- Develop and implement security policies
- Provide training to research personnel
- Monitor compliance and address violations
Designate Research Security Personnel
Appoint qualified individuals responsible for:
- Overseeing research security program implementation
- Serving as point of contact for federal agencies
- Coordinating training and awareness activities
- Responding to security incidents and concerns
Implement Disclosure Verification
Develop processes to:
- Collect and review researcher disclosures
- Verify accuracy of disclosed information
- Identify and address potential conflicts
- Maintain documentation for audit purposes
Provide Training and Education
Ensure all research personnel receive:
- Initial research security awareness training
- Regular refresher training on disclosure requirements
- Updates on emerging threats and policy changes
- Clear guidance on reporting concerns
The Role of Digital Persistent Identifiers
NSPM-33 emphasizes the use of digital persistent identifiers, with ORCiD being the primary standard. Here's why this matters:
Unique Identification
ORCiD provides a unique, persistent identifier that follows researchers throughout their careers, eliminating confusion from name variations or institutional changes.
Comprehensive Tracking
Enables accurate tracking of all research activities, publications, and funding across an entire career.
Verification Support
Facilitates verification of disclosed affiliations and activities by creating a single authoritative record.
International Standard
Recognized globally, enabling consistent identification across international collaborations and publications.
CSR Integration: CSR certification links directly to ORCiD identifiers, creating a verified record of research security training and compliance that travels with researchers across institutions and throughout their careers.
Implementation Timeline and Agency Guidance
Federal agencies have been implementing NSPM-33 requirements according to OSTP guidance. Key milestones include:
NSPM-33 Signed
Presidential memorandum establishes policy framework for research security
OSTP Implementation Guidance
Detailed guidance issued for federal agencies on implementing disclosure requirements
Agency Implementation
Major funding agencies (NSF, NIH, DOE, DOD) update policies and forms
Full Enforcement
Comprehensive requirements in effect with active monitoring and enforcement
NSF
Updated PAPPG with enhanced disclosure requirements and certification statements
NIH
Revised Other Support and Biosketch requirements with detailed guidance
DOE
Strengthened foreign talent program restrictions and disclosure requirements
DOD
Enhanced contractor research security requirements and certifications
Consequences of Non-Compliance
The stakes for NSPM-33 non-compliance are significant. Both individuals and institutions face serious consequences:
For Researchers
For Institutions
Real-World Impact
Since NSPM-33's implementation, numerous researchers have faced criminal charges, institutional sanctions, and career-ending consequences for disclosure failures. Institutions have lost millions in funding and faced intensive federal scrutiny. These aren't theoretical risks—they're documented outcomes.
Best Practices for Compliance
Achieving and maintaining NSPM-33 compliance requires a systematic approach. Here are proven best practices:
Develop Comprehensive Policies
Create clear, written policies covering all disclosure requirements, review processes, and consequences for non-compliance. Ensure policies are easily accessible and regularly updated.
Invest in Training
Provide mandatory, role-appropriate training for all research personnel. Include specific examples and case studies to make requirements concrete and memorable.
Implement Verification Processes
Don't rely solely on self-disclosure. Develop processes to verify disclosed information and identify potential gaps or inconsistencies.
Use Integrated Systems
Deploy technology solutions that centralize disclosure management, automate reminders, and facilitate compliance tracking across your institution.
Establish Regular Review Cycles
Require periodic disclosure updates (not just at proposal time) and conduct regular compliance audits to catch issues early.
Create Safe Reporting Channels
Establish confidential mechanisms for researchers to ask questions, report concerns, and seek guidance without fear of retaliation.
How CSR Certification Supports NSPM-33 Compliance
The Certified Secure Researcher program is specifically designed to help institutions and researchers meet NSPM-33 requirements:
ORCiD Integration
Direct linkage to digital persistent identifiers as required by NSPM-33
Verified Training Records
Documented completion of research security training that meets federal requirements
Portable Credentials
Certification travels with researchers across institutions, reducing redundant training
Institutional Dashboards
Real-time visibility into researcher compliance status across your institution
Audit-Ready Documentation
Comprehensive records that demonstrate compliance to funding agencies and auditors
Automated Compliance Monitoring
Proactive alerts for expiring certifications and training requirements
Take the Next Step Toward NSPM-33 Compliance
NSPM-33 compliance isn't just about meeting requirements—it's about protecting your institution's research enterprise and your researchers' careers. CSR certification provides a clear pathway to demonstrating compliance while reducing administrative burden.
Don't wait for an audit to discover compliance gaps.