Research Security

Research Security at the University of Mississippi focuses on safeguarding research and ensuring it meets federal guidelines for handling confidential information.

What is research security?

A collaborative ecosystem is a critical part of scientific progress and international collaboration is an important aspect of the UM’s vision of being a leading force for innovation an opportunity in the state, nation, and the world. The UM strongly supports fostering a collaborative and welcoming environment for international science.

Unfortunately, select practices by some foreign governments have conflicted with the UM’s (and the USA’s) values and culture of open science, which has resulted in the U.S. scientific enterprise needing to implement new regulations, policies, and programs to ensure that international sciences continue to benefit the nation while minimizing risks to our economic and security interests.

Research security aims to create a secure environment to carry out fundamental scientific research, be conducive to innovation, collaboration, and the advancement of knowledge while minimizing the risks associated with unauthorized access, theft, or exploitation of research data, ideas, and assets.

The vital components to focus on to ensure research security compliance are: international travel, export control, cyber security, training & awareness, and international collaboration.

Why is it important?

It’s a changing environment, and new federal, state, and sponsoring agency rules, regulations, and guidance are being released very frequently. It covers areas that have been part of federal regulations for a long time (export control), areas of known shortcomings across our nation (cybersecurity), and previously not often discussed issues – international travel recommendations and limitations, as well as the importance of knowing your potential collaborator and visitor and the effect of your international collaboration on your future U.S. federal funding opportunities.

Regulatory Background

The most pertinent recent federal policy regarding research security, the National Security Presidential Memorandum 33 (NSPM-33) was released in early January, 2021. NSPM-33 was directed at strengthening research security in order to protect the U.S.’s investment in research and development (R&D). It directed federal agencies to develop policies to protect the R&D supported by federal money, in particular to prohibit investigators using federal money for R&D to be associated with malign foreign talent recruitment programs (MFTRPs). Not too long after, Congress codified NSPM-33 with the CHIPS & Science Act of 2022. In addition to providing additional federal funding for specific high-tech R&D (e.g. semiconductors), through this Act, Congress created NSF’s Office of Research Security and Policy. NSF and other federal agencies have been updating their policies to reflect the requirements of the CHIPS & Science Act, and best practices regarding Research Security. As the sponsoring agencies are adopting the new rules, a lot of changes should be expected in calls for proposals and in regards to what should be disclosed to the sponsor.

Select actions that have been already taken by the Congress and the executive branch to try to maintain the benefits of an open research ecosystem while attempting to protect it from federal threats:

NSPM-33 – Research Security
CHIPS & Science Act – among many, the Malign Foreign Talent Recruitment Program Participation Prohibition
DFARS compliance with NIST 800-171 – Controlled Unclassified Information (CUI)
New disclosure requirements from DOE, NIH, and NSF
DOD’s Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Learning, along with the 1286 List

Who to Contact at the UM

If you have any questions, or would like to have a chat, please reach out to Marta Panickar, the Director of Research Security at the Research Integrity, Security, and Compliance (RISC) Department of the Office of Research and Sponsored Programs (ORSP).

You can reach Marta by emailing mbp@olemiss.edu or umresearchsecurity@olemiss.edu, or calling her at (662) 915-8868.

Recent Updates & Highlights

For a full list of recent policy news and guidelines, visit our archive.

News Archive

Congressional Research Service, In Focus 12589

Congress and the executive branch have taken several actions to try to maintain the benefits of an open research ecosystem while attempting to protect it from external threats.

February 8, 2024

View.

Department of Defense Policy

The Department of Defense is strengthening efforts to counter unwanted foreign influence on DOD-funded research at institutions of higher education.

June 30, 2023

View.

Florida's Senate Bill 846

Florida’s Senate Bill 846 bans public state universities there from offering any assistantship of fellowship to students from China, Iran, Venezuela, Russia, Cuba, Syria, and North Korea.

July 1, 2023

View.

FAQs

What does the UM Research Security do?

The UM Research Security Office, under the Research Integrity, Security, and Compliance (RISC) Office provides the following:

Offers training in research security areas to various UM stakeholder, per request.
Conducts Restricted Party List screening of the following: international travel locations, international collaborators, international visitors, international companies from whom UM wants to procure items, international shipping, international contracts, international graduate students to be involved in restricted research.
Provides advice for other UM offices when their screenings result in a ‘hit’.
Provides risk assessment advice for potential international collaborations.

All of this information about research security sounds fascinating. Do you have any website recommendations where I could read more?

Research security is a very much evolving regulatory field right now, both domestically and internationally. Here are few website recommendations:

What is the process for reviewing restricted projects at the UM?

When projects with restrictions are identified by the ORSP’s SPA team at the time of contracting, the steps that follow include:

An ORSP Record of Export Control Review form is generated by the SPA’s contracting personnel and sent to the UM PI to assess applicability of export laws. The PI might respond that they didn’t expect there to be any export-controlled technologies involved, a concern that will be brought to the sponsor during contract negotiations.
If the export control related contractual clauses cannot be removed from the contract during negotiations then the SPA and UM Research Security, after consultation with the PI, will perform a review and analyze whether it is feasible for research to proceed.
If the project proceeds, applicable management plans (e.g. Technology Control Plan, System Security Plan, etc.) will be drafted and implemented to ensure compliance.
UM Research Security will monitor the project for compliance with the management plans.

What are some grant/contract clauses to look for that carry export control ramifications?

The Sponsored Projects Administration (SPA) Office at the ORSP works to identify sponsored agreements with provisions that may carry export control ramifications, and to negotiate these provisions out of the applicable agreement whenever possible. That said, investigators and other research personnel can play an important role in identifying problematic clauses. Examples of some of these clauses include:

DFARS 252.204-7000 (Disclosure of Information)
“(a) The Contractor shall not release to anyone outside the Contractor’s organization any unclassified information…”
DFARS 252.204-7012 (Safeguarding Covered Defense Information and Cyber Incident Reporting)
“(b) The Contractor shall provide adequate security on all covered contractor information systems… subject to the security requirements in National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171”.
DFARS 252.204-7019 (Notice of NIST SP 800-171; DoD Assessment Requirements)
“(b) If the Offeror is required to implement NIST SP 800-171, the Offeror shall have a current assessment (i.e., not more than 3 years old…) for each covered contractor information system”.
DFARS 252.204-7020 (NIST SP 800-171; DoD Assessment Requirements)
“(b) Covered contractor information systems… are required to comply with the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, in accordance with Defense Federal Acquisition Regulation System (DFARS) clause at 252.204-7012”.
DFARS 252.204-7021 (Cybersecurity Maturity Model Certification Requirements)
“(b) The Contractor shall have a current (i.e. not older than 3 years) CMMC certificate at the CMMC level required by this contract and maintain the CMMC certificate at the required level for the duration of the contract.”

Research Security Advisory Committee

Anne Cafer, College of Liberal Arts, Associate Dean for Research and Associate Professor
Ikhlas Khan, School of Pharmacy and NCNPR, Director and Distinguished Professor
Blair McElroy, Office of Global Engagement, Senior International Officer and Director of Study Abroad
Barbara Neyses, School of Pharmacy, Associate Dean
Marta Panickar, ORSP Research Integrity, Security and Compliance (RISC) Office, Director of Research Security
Glenn Walker, School of Engineering, Associate Dean for Research and Professor
LaTonya Weekly, National Center for Physical Acoustics (NCPA), Business Manager

Contact Us

If you have any research security related concerns, please reach out to Marta Panickar at 662.915.8868 or mbp@olemiss.edu.