Research Security Program (RSP)

A padlock appears while a man uses a computer.

The research security program (RSP) at MUSC aims to provide ongoing support to researchers to continue and enhance international research affiliations, engagements, and collaborations. The Office of the Vice President for Research (VPR) works in partnership with the Office of Compliance, Office of General Counsel, and the Information Security Office to ensure that federally funded research activity at MUSC meets evolving federal mandates for the creation of a “research security program.” The research security program, mandated by National Security Presidential Memorandum-33 (NSPM-33) (PDF), is required by federal funding agencies for research organizations that receive more than $50 million annually in Federal research funding. In response to the increasing need to protect federally funded research from undue foreign influence, NSPM-33 aims to establish security, clarity, and consistency as institutions work to protect American national security while promoting openness in the research community. The NSPM-33 outlined five (5) key areas (PDF) to strengthen the US research enterprise.

  1. Disclosure requirements and standardization
  2. Digital persistent identifiers
  3. The consequences for violation of disclosure requirements
  4. Information sharing
  5. Research security

NSPM-33’s requirements will apply to all federally funded research at MUSC.

What does this mean for MUSC Research?

The federal government requires qualifying research organizations to establish research security programs, issuing formal requirements with any new or modified university process or policy to follow. In February 2023, the subcommittee on Research Security and National Science and Technology Council under the Office of Science Technology Policy (OSTP) published draft standards for research security programs. These standards address four (4) primary elements that must be included in a compliant research security program:

  1. Foreign travel security
  2. Research security training
  3. Export control training
  4. Cybersecurity

A multi-disciplinary MUSC team is currently evaluating its existing policies and programs as well as monitoring the final federal requirements in order to establish and maintain a compliant research security program.

During the implementation phase, the VPR office will establish an educational program to address requirements for research security and export control training. A review of foreign travel policies will occur in collaboration with Global Health and other relevant offices. The VPR will work with IS to review systems used in federal research activities to ensure compliance with cybersecurity requirements. These efforts will be communicated to the research community as program implementation occurs. Based on current guidance, it is anticipated that compliance with the standards will be required one (1) year after final guidance has been published.

Foreign Travel Security

Currently, the MUSC Travel Authorization Policy requires prior approval for international travel activities. Employees must also register international travel plans with the Office of Global Health using the MUSC Travel Registry. Additional programmatic aspects of the research security program, such as travel security briefings or loaner electronic devices may be required in the final agency guidance. The VPR will work with appropriate offices to update relevant travel policies, develop processes to address RSP requirements, and disseminate information, as required.

Additional Links:

Research Security Training

The VPR office will onboard a formal research security training program based on final agency guidance. The research training will enhance awareness and provide the research community with information on existing and emerging risks and threats to the research enterprise as well as promote resources necessary to protect against risks and threats. MUSC will track training efforts and report outcomes as part of the annual research security program certification process.

Export Control Training

The Office of Research and Sponsored Programs (ORSP) provides support and resources to assist faculty and staff with Export Control Compliance.

Export controls are usually implicated when the research, or research tool or equipment, has military or certain dual military and commercial application. Certain university activity may also be restricted by U.S. economic sanctions.

Export Controls:

  • Activities involving actual export or transmission from the U.S. to a foreign destination of information, technologies, and commodities.
  • Release of export-controlled information or technology to Foreign Persons in the U.S. or abroad commonly referred to as deemed exports.
  • Activities involving entities or individuals listed on restricted or prohibited party lists.
  • Activities or transactions in countries or involving nationals of countries against whom the U.S. has placed economic and trade-related embargoes.

Research activities which fall into the categories listed above should be reviewed by the ORSP during the grant submission and/or post approval process to ensure full compliance with export control requirements.

Cybersecurity

The Information Security Office provides support and resources to assist faculty and staff in accomplishing research activities while maintaining reliable security protocols and safeguards. The Information Security Office will work with research leadership to develop and/or expand its current cyber security program to include appropriate data security training, consulting services, and the protection of research security data covered by NSPM-33.

Additional Links:

Additional Resources: