- Why This Matters: Strengthening Research Security
- Who Must Complete the Training?
- How Certification Will Work for Individual Personnel
- Institutional Certification Requirements
- What Training Can Be Used?
- CITI Program’s Role in Research Security Training
- When Does the Requirement Become Mandatory?
- What Institutions Should Do Now
- Final Thoughts
The National Institutes of Health (NIH) has issued NOT-OD-26-017, a policy update outlining Research Security Training (RST) requirements for senior and key personnel on NIH grant applications. Based on the CHIPS and Science Act of 2022 (Public Law 117-167), these requirements changes aim to strengthen the security of federally funded research. The requirement is now optional, but NIH will enforce it for applications submitted for due dates on or after May 25, 2026. View the complete notice.
Why This Matters: Strengthening Research Security
Research security is a federal priority. The CHIPS and Science Act requires agencies like NIH to provide standardized training. This helps researchers and institutions understand risks related to:
- Cybersecurity
- International collaboration
- Foreign interference
- Proper use of federal funds
- Conflicts of interest and commitment
- Rules for disclosure and transparency
The NIH requires periodic training so that all senior and key personnel understand their responsibilities and can effectively safeguard research.
Who Must Complete the Training?
Section 10634 of the CHIPS and Science Act requires “covered individuals” (senior/key personnel) to complete RST. Individuals must complete Research Security Training within 12 months prior to submitting an NIH application.
How Certification Will Work for Individual Personnel
NIH does not collect Current & Pending (Other) Support at the time of application due to its Just-in-Time policy. NIH will collect RST certifications through the biographical sketch in SciENcv. This means:
- Each senior/key person listed on the application will certify completion of RST directly within their SciENcv biosketch.
- NIH will verify this certification at the time the application is submitted.
This approach streamlines compliance by integrating certification into existing documentation requirements.
Institutional Certification Requirements
The CHIPS and Science Act also places responsibilities on applicant institutions. Institutions must certify that each covered individual employed and listed on an application has completed RST. NIH will collect this certification through the Authorized Organization Representative’s (AOR) signature on the application face page. This ensures both individuals and institutions share responsibility for meeting federal research security expectations.
What Training Can Be Used?
NIH allows flexible training options. Institutions and researchers may use any program that addresses:
- Cybersecurity
- International collaboration
- Foreign interference
- Rules for proper use of funds
- Conflicts of commitment and interest
- Disclosure
NSF, in partnership with NIH, DOE, and DOD created four online RST modules. The SECURE Center subsequently created a condensed version of the RST modules. NIH states that completing either course meets its requirements.
CITI Program’s Role in Research Security Training
CITI Program offers NSF’s RST modules and the SECURE Center consolidated training module as part of its Research Security training series. CITI Program also provides several other research security training options. Institutions can use CITI Program’s guidance article to choose the right course.
When Does the Requirement Become Mandatory?
NIH published this notice early to give institutions time to prepare. The training is currently optional. The requirement is mandatory for NIH grant applications submitted for due dates on or after May 25, 2026. Individual and institutional certifications will be enforced beginning May 25, 2026.
What Institutions Should Do Now
To prepare, institutions should:
- Review current research security policies to ensure alignment with the CHIPS and Science Act.
- Select appropriate RST modules for faculty and staff.
- Adjust internal workflows to ensure senior/key personnel complete RST before application deadlines.
- Inform researchers about the upcoming requirement to certify RST completion within SciENcv.
- Train AORs and research administrators on institutional certification processes and responsibilities.
Proactive planning now will help prevent compliance problems when the requirement takes effect.
Final Thoughts
NIH’s RST requirements support efforts to strengthen research security. Early preparation will help institutions and researchers adjust smoothly in advance of enforcement in 2026. By staying informed, planning ahead, and prioritizing compliance, the research community can contribute to a secure and responsible environment, ensuring continued success and integrity in federally supported research.
