A Q&A Guide to New Federal Requirements for Researchers

Due to new federal laws, including the CHIPS and Science Act of 2022, key federal funders like the National Science Foundation (NSF) and the National Institutes of Health (NIH) now require researchers to complete research security training. This training is designed to protect intellectual property, manage risks, and ensure the integrity of your research.

Who Needs to Take This Training?

Training is required for:

All faculty involved in any externally funded research, listed under FAQ “Which federal agencies are impacted by this mandate.”

Any non-faculty member who is considered a “covered individual” on any externally funded research listed under FAQ “Which federal agencies are impacted by this mandate. This generally includes principal investigators (PIs), co-PIs, and other senior/key personnel who contribute to the project in a meaningful way.

Training is highly recommended for:

All faculty, staff, and students involved in any international collaborations or engagements.

Training Deadlines:

For Current Federal Grantees: Deadlines vary by federal agency, therefore USM is asking all senior/key personnel on an active, federally funded project to complete the training by October 1, 2025.

For Future Applicants: Moving forward, senior/key personnel must complete the required training before a new proposal is submitted to a federal agency. Please check the specific agency requirements below, as many require training to be completed within 12 months prior to submission.

The term “covered individual” means an individual who— (A) contributes in a substantive, meaningful way to the scientific development or execution of a research and development project proposed to be carried out with a research and development award from a Federal research agency; and (B) is designated as a covered individual by the Federal research agency concerned. Source: 42 USC § 19237(1)

All research security training is completed through the Collaborative Institutional Training Institute (CITI). Completing your course in CITI creates an official record for the university.
Follow these simple steps:

  1. Click on the CITI icon in your launchpad of the University portal page
  2. Once logged in, select “Add a Course.”
  3. Select one of the following courses listed under “Which Course Must I Take?”
  4. Click “Submit”
  • You only need to complete ONE of the following courses in CITI to meet the general requirement.
    • Research Security Training (Condensed): Takes about 1 hour.
    • Research Security Training (Full Course): Takes about 3 hours.
    • Research Security Advanced Refresher Course: Takes about 2 hours.
  • Note: While any of these courses satisfy the requirement, some federal agencies or specific projects may require additional training. Always review your grant proposal guidelines to confirm.

Several federal agencies have specific deadlines and requirements. For current grantees, the deadline to take the training varies by agency and is  listed below. For future proposals to these agencies, senior/key personnel must complete the training within 12 months prior to submitting the proposal.

  • Department of Energy (DOE)
    • Deadline: May 1, 2025
    • Who: All “covered individuals” listed in an application.
  • Department of Agriculture (USDA)
    • Deadline: July 8, 2025
    • Who: All individuals listed on a research & development proposal.
  • National Institutes of Health (NIH)
    • Deadline: October 1, 2025
    • Who: All senior/key personnel listed on an application.
  • National Science Foundation (NSF)
    • Deadline: October 10, 2025
    • Who: All senior/key personnel listed on an application.
  • Department of Defense (DOD) & National Aeronautics and Space Administration (NASA)
    • Deadline: To be determined (TBD).
    • Who: Requirements have not been released, but specific proposals may already require training. Please read all guidelines carefully.

Yes. If your funding is a federal source impacted by this mandate but you are a subrecipient via a pass-through grant, you are required to produce evidence that key personnel and covered individuals have completed Research Security Training.

  • The research security training program covers essential topics to help you navigate the complexities of modern research, including:
    • Cybersecurity and protecting your data
    • Foreign travel security
    • Risk management and mitigation
    • Disclosure procedures and reporting requirements
    • Understanding malign foreign talent recruitment programs (MFTRPs)
  • An MFTRP is an arrangement where a foreign government or a related entity offers compensation (like salary, research funding, or prestigious titles) to a researcher in exchange for actions that could harm U.S. interests. These arrangements often involve the unauthorized transfer of intellectual property or create a conflict of interest with federal research awards.
  • Important: Individuals involved in an MFTRP are not eligible to serve as senior/key personnel on an NSF proposal or award. At the proposal stage, researchers and the institution must certify that senior/key personnel are not part of an MFTRP. This certification is also required annually for active NSF awards. You must disclose any participation in foreign talent programs to federal sponsors.
AgencyDeadlineDetails
Department of Defense (DOD)TBDTraining requirements have not been officially released by DOD.   Some proposals and/or awards may require research security training.  Read all proposal guidelines and awards carefully for specific training requirements
Department of Energy (DOE)May 1, 2025Who: Covered individuals who are listed in an application.
When: Training must have been completed within the previous 12 months of the submission of a proposal.
FAL 2025-02 Financial Assistance Letter Research Security Training Requirements for all R&D Financial Assistance Awards
National Aeronautics and Space Administration (NASA)TBDTraining requirements have not been officially released by NASA.   Some proposals and/or awards may require research security training.  Read all proposal guidelines and awards carefully for specific training requirement
National Science Foundation (NSF)October 10, 2025Who: Senior/key personnel listed on the application for a research and development award are required to take the training.   
When: Training must have been completed within the previous 12 months of the submission of a proposal.
Important Notice No. 149: Updates to NSF Research Security Policies
Note: This training will be required for all individuals participating on a NSF research award as part of responsible  and ethical conduct of research requirements.
National Institutes of Health (NIH)October 1, 2025Who: Senior/key personnel listed on the application for a research and development award are required to take the training. 
When: Training must have been completed within the previous 12 months of the submission of a proposal.
NOT-OD-25-133: Requirement to Train Senior/Key Personnel on Other Support Disclosure Requirements.
Department of Agriculture (USDA)July 8, 2025
(issued, effective within 30 days from issuance)		Who: All individuals listed on a USDA R&D or S&T proposal 
When: Training must have been completed within the previous 12 months of the submission of a proposal.
America First Memorandum for USDA Arrangements and Research Security

Questions: MeRTEC@maine.edu