RESEARCH SECURITY PROGRAM
Mass General Brigham’s Research Security Program was developed in response to National Security Presidential Memorandum (NSPM)-33, which mandates research organizations that receive federal funds in excess of $50 million per year to maintain a research security program to protect against foreign government interference. The four elements of a research security program required by NPSM-33 are cybersecurity, foreign travel security, research security training, and export control training.
As specified in NSPM-33 final implementation guidance, Mass General Brigham’s research security program includes the following required components:
-
Cybersecurity
-
Foreign Travel
-
Export Controls
-
Security Training
-
International Collaborations
Cybersecurity involves the complex processes of securing Mass General Brigham’s information assets. As part of the larger Mass General Brigham Enterprise Information Security & Privacy Office, Digital Research Operations supports our academic and research mission by ensuring that the confidentiality, integrity and availability of our research data are protected. A full list of their services and guidance for researchers can be found on their Digital Research Operations website.
Data sharing is an essential component of the scientific process. Research data generated within a Mass General Brigham institution or on behalf of a Mass General Brigham institution are owned by that institution and subject to institutional data sharing and retention policies. Visit our Data Sharing and Collaboration page to learn more.
A breach is the unauthorized acquisition, access, use, or disclosure of data by unauthorized persons. When a potential breach of research data has occurred or when notification of a breach is received from a research sponsor, vendor, or collaborator, the PI has various reporting obligations. Visit our Breach Response Guidelines for Researchers page to learn more.
Certain federal contracts/subcontracts include security requirements for information systems. To learn more about how to determine if your contract is subject to these terms and what to do, visit our Information Systems Security Requirements page.
Researchers with federal research funding will soon be required to complete foreign travel security training prior to traveling internationally. This training must be completed at least once every six years.
Mass General Brigham has many resources to support faculty and staff who are traveling internationally. The Mass General Brigham Travelsafe Program provides information and support to employees while traveling domestically or internationally on business related travel. It is highly recommended that all employees register with the Travelsafe Program before they travel.
Reminder: Research data generated within an Mass General Brigham institution or on behalf of an Mass General Brigham institution are owned by that institution. Original data may not be transferred from the Mass General Brigham institution. written PI authorization is required of all Mass General Brigham researchers when traveling internationally with research data and materials. Visit our Transporting Research Data page to learn more.
For employees who are traveling to a high-risk country, there are security controls that must be followed. The requirements are outlined in Mass General Brigham's Clean Laptop/Phone Program.
Certain international travel may also involve export control regulations depending on travel destination or the type of item or information that you take with you. The Mass General Brigham Export Controls Travel Guidance and FAQ for Researchers provides information researchers should consider before traveling abroad.
All Mass General Brigham employees and those acting on Mass General Brigham’s behalf are responsible for ensuring that Mass General Brigham conducts its activities in compliance with the requirements of U.S. export control laws and regulations and the rules and procedures set forth in MGB policies, procedures, and guidance documents.
Mass General Brigham has developed a comprehensive export controls training program to educate our researchers about the requirements and processes to ensure compliance with federal export control regulations. Visit our Export Controls page to learn more.
Dual Use Research of Concern (DURC) is defined by the federal government as biological research that could be misapplied to pose a significant threat to public health and safety or national security. Visit our DURC page to learn more.
The actual transport or shipment of materials is subject to a variety of state, local, and federal regulations that control how the materials are stored, packaged, and shipped and have been put in place to protect public safety. Visit our Sharing Biological Material page to learn more.
Researchers with federal research funding will soon be required to complete research security training. Research security training is a critical component of our research security program. We are still awaiting the final guidance from the Office of Science and Technology Policy (OSTP) on content requirements for the training. Once received, we will finalize and implement our training program. We will update this page as more information becomes available.
Mass General Brigham acknowledges the critical importance of international collaboration and scholarship to further knowledge and innovation. While we value international relationships that foster openness and transparency, we must recognize and mitigate threats posed by improper foreign influence. We have developed policies and guidance to help our research community navigate the complex regulations governing international collaborations.
The federal government has published guidelines outlining regulations and prohibitions related to Foreign Talent Recruitment Programs (FTRP). The CHIPS and Science Act of 2022 prohibits recipients of federal funding from participating in a Malign Foreign Talent Recruitment Program (MFTRP) and requires covered individuals to disclose all participation in FTRP. Visit our Foreign Talent Recruitment Programs page to learn more.
Exclusion screening is the process by which a non-U.S. individual or entity is reviewed against government-issued restricted party lists to ensure they have not been sanctioned, barred, or excluded from participation and collaboration with US organizations. Visit our Exclusion Screening page to learn more.
The Foreign Corrupt Practices Act (FCPA) prohibits U.S. persons and entities from making payments to foreign government officials to assist in obtaining or retaining business. Visit our FCPA page to learn more and request training.
If you are conducting research with existing or future international collaborations or data sharing, visit our GDPR page to learn more about EU General Data Protection Regulations.
FEDERAL REGULATIONS REGARDING RESEARCH SECURITY
The U.S. government has enacted the following directives and regulations regarding disclosures, research security training, and research security program requirements:
- National Security Presidential Memorandum (NSPM)-33and Implementation Guidance
- Released January 2021
- Requires all federal funding agencies to strengthen and standardize disclosure requirements for federally funded awards
- Requires the creation of a research security program for institutions that receive in excess of $50 million dollars in federal funds per year.
- CHIPS and Science Act
- Enacted 2022
- Mandates research security provisions including certification of no involvement in Maligned Foreign Talent Recruitment Programs (MFTRP)
FEDERAL AGENCY IMPLEMENTATION GUIDELINES
Below are the available guidelines published by the individual federal agencies. We will continue to update this site as more guidance becomes available.
National Science Foundation
National Institutes of Health