Research Security
Research Security at the University of Mississippi focuses on safeguarding research and ensuring it meets federal guidelines for handling confidential information.
What is research security?
A collaborative ecosystem is a critical part of scientific progress and international collaboration is an important aspect of the UM’s vision of being a leading force for innovation and opportunity in the state, nation, and the world. The UM strongly supports fostering a collaborative and welcoming environment for international science.
Unfortunately, select practices by some foreign governments have conflicted with the UM’s (and the USA’s) values and culture of open science, which has resulted in the U.S. scientific enterprise needing to implement new regulations, policies, and programs to ensure that international sciences continue to benefit the nation while minimizing risks to our economic and security interests.
Research security aims to create a secure environment to carry out fundamental scientific research, be conducive to innovation, collaboration, and the advancement of knowledge while minimizing the risks associated with unauthorized access, theft, or exploitation of research data, ideas, and assets.
The vital components to focus on to ensure research security compliance are: international travel, export control, cyber security, training & awareness, and international collaboration.
Why is it important?
The academic research security field is changing rapidly as new federal, state, and sponsoring agency rules, regulations, and guidance are being released very frequently. Research security covers areas that have been part of federal regulations for a long time (export control), areas of known shortcomings across our nation (cybersecurity), and previously not often discussed issues – international travel recommendations and limitations, as well as the importance of knowing your potential collaborator and visitor and the effect of your international collaboration on your future U.S. federal funding opportunities.
Regulatory Background
The most pertinent recent federal policy regarding research security, the National Security Presidential Memorandum 33 (NSPM-33) was released in early January 2021. NSPM-33 was directed at strengthening research security in order to protect the U.S.’s investment in research and development (R&D). It directed federal agencies to develop policies to protect the R&D supported by federal money, in particular to prohibit investigators using federal money for R&D to be associated with malign foreign talent recruitment programs (MFTRPs). Not too long after, Congress codified NSPM-33 with the CHIPS & Science Act of 2022. In addition to providing additional federal funding for specific high-tech R&D (e.g. semiconductors), through this Act, Congress created NSF’s Office of Research Security and Policy. NSF and other federal agencies have been updating their policies to reflect the requirements of the CHIPS & Science Act, and best practices regarding Research Security. As the sponsoring agencies are adopting the new rules, a lot of changes should be expected in calls for proposals and in regards to what should be disclosed to the sponsor.
Select actions the Congress and the Executive Branch have taken to maintain the benefits of an open research ecosystem while attempting to protect it from federal threats:
- NSPM-33 – Research Security
- CHIPS & Science Act – among many, the Malign Foreign Talent Recruitment Program Participation Prohibition
- DFARS compliance with NIST 800-171 – Controlled Unclassified Information (CUI)
- New disclosure requirements from DOE, NIH, and NSF
- DOD’s Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Learning, along with the 1286 List
Who to Contact at the UM
If you have any questions, or would like to have a chat, please reach out to Marta Panickar, the Director of Research Security at the Research Integrity, Security, and Compliance (RISC) Department of the Office of Research and Sponsored Programs (ORSP).
You can reach Marta by emailing mbp@olemiss.edu or umresearchsecurity@olemiss.edu, or calling her at (662) 915-8868.
FAQs
The UM Research Security Office, under the Research Integrity, Security, and Compliance (RISC) Office provides the following:
- Offers training in research security areas to various UM stakeholders, per request.
- Conducts Restricted Party List screening of the following: international travel locations, international collaborators, international visitors, international companies from whom UM wants to procure items, international shipping, international contracts, international graduate students to be involved in restricted research.
- Provides advice for other UM offices when their screenings result in a ‘hit’.
- Provides risk assessment advice for potential international collaborations.
Research security is a very much evolving regulatory field right now, both domestically and internationally. Here are few website recommendations:
When projects with restrictions are identified by the ORSP’s SPA team at the time of contracting, the steps that follow include:
- An ORSP Record of Export Control Review form is generated by the SPA’s contracting personnel and sent to the UM PI to assess applicability of export laws. The PI might respond that they didn’t expect there to be any export-controlled technologies involved, a concern that will be brought to the sponsor during contract negotiations.
- If the export control related contractual clauses cannot be removed from the contract during negotiations then the SPA and UM Research Security, after consultation with the PI, will perform a review and analyze whether it is feasible for research to proceed.
- If the project proceeds, applicable management plans (e.g. Technology Control Plan, System Security Plan, etc.) will be drafted and implemented to ensure compliance.
- UM Research Security will monitor the project for compliance with the management plans.
The Sponsored Projects Administration (SPA) Office at the ORSP works to identify sponsored agreements with provisions that may carry export control ramifications, and to negotiate these provisions out of the applicable agreement whenever possible. That said, investigators and other research personnel can play an important role in identifying problematic clauses. Examples of some of these clauses include:
- DFARS 252.204-7000 (Disclosure of Information)
“(a) The Contractor shall not release to anyone outside the Contractor’s organization any unclassified information…” - DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting)
“(b) The Contractor shall provide adequate security on all covered contractor information systems… subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171”. - DFARS 252.204-7019 (Notice of NIST SP 800-171; DoD Assessment Requirements)
“(b) If the Offeror is required to implement NIST SP 800-171, the Offeror shall have a current assessment (i.e., not more than 3 years old…) for each covered contractor information system”. - DFARS 252.204-7020 (NIST SP 800-171; DoD Assessment Requirements)
“(b) Covered contractor information systems… are required to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, in accordance with Defense Federal Acquisition Regulation System (DFARS) clause at 252.204-7012”. - DFARS 252.204-7021 (Cybersecurity Maturity Model Certification Requirements)
“(b) The Contractor shall have a current (i.e. not older than 3 years) CMMC certificate at the CMMC level required by this contract and maintain the CMMC certificate at the required level for the duration of the contract.”
Research Security Advisory Committee Members
- Anne Cafer, College of Liberal Arts, Associate Dean for Research and Associate Professor
- Ikhlas Khan, School of Pharmacy and NCNPR, Director and Distinguished Professor
- Blair McElroy, Office of Global Engagement, Senior International Officer and Director of Study Abroad
- Barbara Neyses, School of Pharmacy, Associate Dean
- Marta Panickar, ORSP Research Integrity, Security and Compliance (RISC) Office, Director of Research Security
- Glenn Walker, School of Engineering, Associate Dean for Research and Professor
- LaTonya Weekly, National Center for Physical Acoustics (NCPA), Business Manager
Contact Us
If you have any research security-related concerns, please reach out any time
Marta Panickar
Director of Research Security