NASA Research Security Training Requirements Explained

Overview

The landscape of federally funded research is changing fast. With the release of NASA GIC 26‑02, Research Security Requirements, NASA has formally implemented new research security training and certification obligations for individuals and institutions seeking NASA grants or cooperative agreements. These requirements stem directly from Section 10634 of the CHIPS and Science Act of 2022, which mandates government‑wide research security training for personnel involved in federally funded research.

If your organization applies or plans to apply for NASA funding, you’ll need to understand what’s changing, who is affected, and how to stay compliant. Here’s a clear breakdown of the key points.

Why NASA Is Implementing Research Security Training

Section 10634 of the CHIPS and Science Act requires federal agencies to ensure that individuals participating in federally funded research complete research security training within 12 months prior to proposal submission. NASA’s new policy aligns with this mandate and aims to strengthen the integrity, transparency, and security of U.S. research.

The training is designed to help researchers recognize and mitigate risks related to:

• Cybersecurity
• International collaboration and travel
• Foreign interference
• Proper use of federal funds
• Disclosure requirements
• Conflicts of interest and commitment

These topics reflect the growing need for researchers to navigate a complex global research environment responsibly.

Who Counts as a “Covered Individual?”

NASA defines covered individuals as:

• Principal Investigators (PIs) — regardless of level of effort
• Co‑Principal Investigators (CoPIs) — regardless of level of effort
• Co‑Investigators (Co‑Is) who will spend 10% or more of their time on a NASA‑funded project

NASA may also designate additional personnel as covered individuals on a project‑specific basis, and such designations will appear in Notices of Funding Opportunities (NOFOs).

If you fall into one of these categories, you will be required to complete research security training and certify completion.

Certification Requirements for Individuals

Beginning August 5, 2026, covered individuals listed on any NASA grant or cooperative agreement proposal must certify that they have completed compliant research security training within the previous 12 months, via NASA’s biographical sketch and current/pending support forms.

This requirement also applies to individuals who join a NASA‑funded project after the award is issued.

The certification statement is straightforward:

“I certify that I have completed the requisite research security training that meets the requirements specified in NASA’s research security training requirements policy within 12 months prior to proposal submission.”

Certification Requirements for Institutions

Applicant institutions must also certify that all covered individuals they employ have completed the required training. This certification is submitted through NASA’s NSPIRES system by the organization’s Authorized Organizational Representative (AOR).

This dual‑certification structure, individual and institutional, ensures accountability at every level of the research enterprise.

What Training Is Acceptable?

NASA allows flexibility in how researchers meet the training requirement. Acceptable training must address the core topics outlined in 42 U.S.C. 19234, including cybersecurity, foreign interference, disclosure rules, and more.

NASA explicitly recognizes:

• The four research security training modules developed by NSF, NIH, DOE, and DoD are available on the NSF Research Security Training website
• The SECURE Center condensed module, which covers the same core content

Researchers and institutions may also use other training that meets the statutory requirements.

How CITI Program Supports Research Security Compliance

As research organizations prepare for the August 2026 effective date, many are looking for trusted, comprehensive training solutions. CITI Program has long been a leader in research ethics, compliance, and security education. Our Research Security training is designed to help institutions meet federal expectations with confidence.

Specifically, the CITI Program offers the four research security training modules as well as the SECURE Center condensed module and updates these accordingly when new versions are released.

For organizations seeking a reliable, scalable solution, CITI Program offers a clear path to compliance.

When Do These Requirements Take Effect?

NASA’s research security training and certification requirements become effective August 5, 2026. Institutions should begin preparing now by:

• Identifying covered individuals
• Establishing internal processes for tracking training completion
• Selecting a compliant training provider
• Updating proposal preparation workflows

Early preparation will help ensure smooth compliance once the requirements go live.

Final Thoughts

NASA’s adoption of research security training requirements marks a significant step in strengthening the integrity of federally funded research. As agencies across the federal government implement similar policies, research institutions will need scalable, high‑quality training solutions that meet evolving expectations.

CITI Program is committed to supporting the research community through these changes with trusted, comprehensive Research Security training that aligns with federal requirements.

If your organization is preparing for NASA’s new requirements or simply wants to enhance its research security posture, now is the time to get started.