IARPA Implementation of NSPM-33

IARPA is implementing the research security policy of National Security Presidential Memorandum-33 (NSPM-33)[1]. This policy directs federal sponsors of research and development (R&D) to assess whether participants in proposed R&D have potential foreign conflicts of interest or conflicts of commitment that pose risks to the security of the R&D. The goal is to identify any such risks and mitigate these risks where possible prior to being considered for award.

NSPM-33 requires “covered individuals” to submit two types of disclosure forms prior to being considered for award. These forms consist of 1) biographical sketches for key personnel and 2) data on current and pending support.  IARPA has elected to adopt the common forms developed by the Office of Science and Technology Policy (OSTP) and currently maintained by the National Science Foundation (NSF) for both the biographical sketch and current and pending support disclosures. In the future, “covered institutions” (further described below) must certify that they have a research security program (RSP) consistent with the guidance published by OSTP[2].  IARPA is partnering with the NSF to certify RSP compliance of covered institutions.

Covered Individuals

IARPA designates “covered individuals” as “key personnel” on an R&D proposal who meet the following criteria:

An individual who contributes in a substantive, meaningful way to the scientific development or execution of the proposed R&D, and

Is employed or compensated by the entity submitting the proposal or its subcontractors

Covered individuals typically include Program Managers (PM), Principal Investigators (PI), Project Managers (PM), and paid research staff, etc.

Some key elements of the NSF biographical sketch disclosure common form [3] for covered individuals include:

Identifying Information, Position Title, Organization and Location Name

Professional Preparation

Appointments and Positions

Products

Certify the individual is not part of a Malign Foreign Talent Recruitment Program

Some key elements of the NSF current and pending support disclosure common form [4] for covered individuals include:

Identifying Information, Position Title, Organization and Location Name

List of Proposals and Active Projects (both current and pending):

Title

Status of Support

Source of Support

Primary Place of Performance

Proposal/Active Project Start/End Dates

Total Anticipated Proposal/Project Amount in US Dollars

Person-Month(s)

Overall Objectives:

Statement of Potential Overlap with other projects

List of All In-Kind Contributions, if any (both current and pending):

Type and Status of Support

Receipt Date

Source of Support:

Person-Month(s)

US Dollar Value

Overall Objectives

Statement of Potential Overlap

Certify the individual is not part of a Malign Foreign Talent Recruitment Program

IARPA will use a 3-tiered risk assessment model to evaluate covered individual disclosures for foreign conflicts of interest or conflicts of commitment that may indicate potential undue foreign influence, and other risk factors relating to professional and financial activities.  

Low Risk: No Risk Mitigation Required for Award

Medium Risk: Risk Mitigation Plan Recommended for Award

High Risk: Risk Mitigation Not Possible, Not Recommended for Award

IARPA requires completed disclosure forms to be submitted with each proposal. When medium risk is identified for a performer being considered for an award, IARPA will work with potential performer prior to award to mitigate the identified risk through a mutually acceptable risk mitigation plan.  

If IARPA receives a proposal to a Broad Agency Announcement (BAA), or any other solicitation, without the required disclosures, or the disclosure forms contain inaccurate or incomplete information, IARPA may determine that the proposal is not compliant and reject the submission, eliminating it from further consideration. IARPA also reserves the right to request further clarification or detail from potential performers regarding their disclosures or certifications before making the final determination on risk.

Covered Institutions

OSTP issued additional guidelines[5] in July, 2024 defining “covered institutions” as entities who meet the following criteria:

An institution of higher education, a federally funded research and development center (FFRDC), or a nonprofit research institution, and

Receives in excess of $50 million per year in FY22 constant dollars (3-year average)

Many institutions participating in IARPA funded R&D meet these criteria. Please note that all covered institutions must certify that they have 1) a compliant policy regarding foreign talent recruitment programs (FTRP) and malign foreign talent recruitment programs (MFTRP) pursuant to Sections 10631 and 10632 of the CHIPS and Science Act of 2022[6] and that 2) no covered individuals (as designated above) in the proposal are part of such a program. IARPA requires these completed certifications to be submitted with each proposal.

In the future, covered institutions must also certify in writing or electronically that they have a fully-compliant RSP. The RSP must address four separate areas:

Cybersecurity

Foreign Travel Security

Research Security Training

Export Control Training

While OSTP’s current guidance offers multiple ways for a covered institution to satisfy the RSP requirements, this guidance is still under review by NSF, who has a leadership role in implementing the administration of RSP certification. Please note that IARPA will be adopting NSF’s final guidance for validating RSP certification (see NSF’s website for additional information on the RSP requirements). Since the RSP certification deadline has yet to be finalized, IARPA will accept proposals from covered institutions in the process of implementing RSPs, but which are not yet certified as NSPM-33 compliant. 

Additional Research Security Resources

Some of the key disclosure requirements for proposers seeking IARPA sponsored Research and Development awards have been referenced above. However, the following links provide a compact list of general resources addressing evolving US research security policy and countering undue foreign influence.

Office of the Director of National Intelligence Research Security Resources

National Science Foundation Research Security Training

National Security Presidential Memorandum 33

Office of Science and Technology Policy NSPM-33 Implementation Guidance

Office of Science and Technology Policy NSPM-33 Guidelines for Federal Research Agencies Regarding Foreign Talent Recruitment Programs

The CHIPS and Science Act of 2022

Office of Science and Technology Policy, Guidelines for Research Security Programs at Covered Institutions

1 2021, OSTP NSPM-33, Presidential Memorandum on United States Government-Supported Research and Development National Security Policy, National Security & Defense, Issued on: January 14, 2021 [Presidential Memorandum on United States Government-Supported Research and Development National Security Policy – The White House]

2 2022, Guidance for Implementing National Security, Presidential Memorandum 33 (NSPM-33), Report by the Subcommittee on Research Security, Issued January 2022 [010422-NSPM-33-Implementation-Guidance.pdf]

3 NSF Biographical Sketch Common Form [ https://www.nsf.gov/bfa/dias/policy/researchprotection/commonform_biographicalsketch.pdf ]

4 NSF Current and Pending (other) Support Common Form [ https://www.nsf.gov/bfa/dias/policy/researchprotection/commonform_cps.pdf ]

5 OSTP Guidelines for Research Security Program at Covered Institutions, July 9 2024 [OSTP-RSP-Guidelines-Memo.pdf]

6 2022 Chips and Science Act, Subtitle D—Research Security, [H.R.4346 - CHIPS and Science Act]