Collapse to view only § 19037. Research security and integrity information sharing analysis organization

§ 19031. Office of Research Security and Policy
The Director shall maintain a Research Security and Policy office within the Office of the Director with not fewer than four full-time equivalent positions, in addition to the Chief of Research Security established pursuant to section 19032 of this title. The functions of the Research Security and Policy office shall be to coordinate all research security policy issues across the Foundation, including by—
(1) consulting and coordinating with the Foundation Office of Inspector General, with other Federal research agencies, and intelligence and law enforcement agencies, and the National Science and Technology Council, as appropriate, in accordance with the authority provided under section 1746 of the National Defense Authorization Act for Fiscal Year 2020 (Public Law 116–92; 42 U.S.C. 6601 note), to identify and address potential security risks that threaten research integrity and other risks to the research enterprise and to develop research security policy and best practices, taking into account the policy guidelines to be issued by the Director of the Office of Science and Technology Policy under section 19231 of this title;
(2) serving as a resource at the Foundation for all issues related to the security and integrity of the conduct of Foundation-supported research;
(3) conducting outreach and education activities for recipients on research policies and potential security risks and on policies and activities to protect intellectual property and information about critical technologies relevant to national security, consistent with the controls relevant to the grant or award;
(4) educating Foundation program managers and other directorate staff on evaluating Foundation awards and recipients for potential security risks;
(5) communicating reporting and disclosure requirements to recipients and applicants for funding;
(6) performing risk assessments, in consultation, as appropriate, with other Federal agencies, of Foundation proposals and awards using analytical tools to assess nondisclosures of required information;
(7) establishing policies and procedures for identifying, communicating, and addressing security risks that threaten the integrity of Foundation-supported research and development, working in consultation, as appropriate, with other Federal agencies, to ensure compliance with National Security Presidential Memorandum–33 (relating to strengthening protections of United States Government-supported research and development against foreign government interference and exploitation) or a successor policy document; and
(8) in accordance with relevant policies of the agency, conducting or facilitating due diligence with regard to applications for research and development awards from the Foundation prior to making such awards.
(Pub. L. 117–167, div. B, title III, § 10331, Aug. 9, 2022, 136 Stat. 1551.)
§ 19032. Chief of Research Security

The Director shall appoint a senior agency official within the Office of the Director as a Chief of Research Security, whose primary responsibility shall be to manage the office established under section 19031 of this title.

(Pub. L. 117–167, div. B, title III, § 10332, Aug. 9, 2022, 136 Stat. 1552.)
§ 19033. Reporting to Congress
(a) Report on resource needs
(b) Annual report on Office activities
(1) In general
Not later than one year after August 9, 2022, and annually thereafter, the Director shall submit to Congress a report on the activities carried out by the Office of Research Security, detailing—
(A) a description of the activities conducted by the Office, including administrative actions taken;
(B) such recommendations as the Director may have for legislative or administrative action relating to improving research security;
(C) identification and discussion of the gaps in legal authorities that need to be improved to enhance the security of institutions of higher education performing research supported by the Foundation; and
(D) information on Foundation Inspector General cases, as appropriate, relating to undue influence and security threats to research and development activities funded by the Foundation, including theft of property or intellectual property relating to a project funded by the Foundation at an institution of higher education.
(2) Form
(Pub. L. 117–167, div. B, title III, § 10333, Aug. 9, 2022, 136 Stat. 1552.)
§ 19034. Online resource
The Director shall develop an online resource hosted on the Foundation’s website containing up-to-date information, tailored for institutions and individual researchers, including—
(1) an explanation of Foundation research security policies;
(2) unclassified guidance on potential security risks that threaten research integrity and other risks to the research enterprise;
(3) examples of beneficial international collaborations and how such collaborations differ from foreign government interference efforts that threaten research integrity;
(4) best practices for mitigating security risks that threaten research integrity; and
(5) additional reference materials, including tools that assist organizations seeking Foundation funding and awardees in information disclosure to the Foundation.
(Pub. L. 117–167, div. B, title III, § 10334, Aug. 9, 2022, 136 Stat. 1552.)
§ 19035. Research awards

The Director shall continue to make awards, on a competitive basis, to institutions of higher education or non-profit organizations (or consortia of such institutions or organizations) to support research on the conduct of research and the research environment, including research on research misconduct or breaches of research integrity and detrimental research practices.

(Pub. L. 117–167, div. B, title III, § 10335, Aug. 9, 2022, 136 Stat. 1553.)
§ 19036. Authorities

In addition to existing authorities for preventing waste, fraud, abuse, and mismanagement of Federal funds, the Director, acting through the Office of Research Security and Policy and in coordination with the Foundation’s Office of Inspector General, shall have the authority to conduct risk assessments, including through the use of open-source analysis and analytical tools, of research and development award applications and disclosures to the Foundation.

(Pub. L. 117–167, div. B, title III, § 10336, Aug. 9, 2022, 136 Stat. 1553.)
§ 19037. Research security and integrity information sharing analysis organization
(a) Establishment
(b) Duties
The RSI-ISAO shall—
(1) serve as a clearinghouse for information to help enable the members and other entities in the research community to understand the context of their research and identify improper or illegal efforts by foreign entities to obtain research results, know how, materials, and intellectual property;
(2) develop a set of standard risk assessment frameworks and best practices, relevant to the research community, to assess research security risks in different contexts;
(3) share information concerning security threats and lessons learned from protection and response efforts through forums and other forms of communication;
(4) provide timely reports on research security risks to provide situational awareness tailored to the research and STEM education community;
(5) provide training and support, including through webinars, for relevant faculty and staff employed by institutions of higher education on topics relevant to research security risks and response;
(6) enable standardized information gathering and data compilation, storage, and analysis for compiled incident reports;
(7) support analysis of patterns of risk and identification of bad actors and enhance the ability of members to prevent and respond to research security risks; and
(8) take other appropriate steps to enhance research security.
(c) Funding
(d) Membership
(1) In general
(2) Fees
(e) Board of directors
(f) Stakeholder engagement
In establishing the RSI-ISAO under this section, the Director shall take necessary steps to ensure the services provided are aligned with the needs of the research community, including by—
(1) convening a series of workshops or other multi-stakeholder events; or
(2) publishing a description of the services the RSI-ISAO intends to provide and the requirements for membership in the Federal Register and provide an opportunity for submission of public comments for a period of not less than 60 days.
(Pub. L. 117–167, div. B, title III, § 10338, Aug. 9, 2022, 136 Stat. 1553.)
§ 19038. Plan with respect to controlled information and background screening
(a) In general
Not later than 180 days after August 9, 2022, the Director, in consultation with the Director of National Intelligence and, as appropriate, other Federal agencies, shall develop a plan to—
(1) identify research areas supported by the Foundation, including in the key technology focus areas, that may involve access to controlled unclassified or classified information, including in the key technology focus areas; and
(2) exercise due diligence in granting access, as appropriate, to the CUI or classified information identified under paragraph (1) to individuals working on such research who are employees of the Foundation or covered individuals on research and development awards funded by the Foundation.
(b) Definitions
In this section:
(1) Classified information
(2) Controlled unclassified information
(Pub. L. 117–167, div. B, title III, § 10339, Aug. 9, 2022, 136 Stat. 1554.)
§ 19039. Foundation funding to institutions hosting or supporting Confucius Institutes
(a) Confucius Institute defined
(b) Restrictions of Confucius Institutes
(c) Waiver
The Director, after consultation with the National Academies, may issue a waiver for an institution of higher education that maintains a contract or agreement between the institution and a Confucius Institute if such contract or agreement includes clear provisions that—
(1) protect academic freedom at the institution;
(2) prohibit the application of any foreign law on any campus of the institution;
(3) grant full managerial authority of the Confucius Institute to the institution, including full control over what is being taught, the activities carried out, the research awards that are made, and who is employed at the Confucius Institute; and
(4) prohibit co-location with the institution’s Chinese language, history, and cultural programs and require separate promotional materials.
(d) Special rule
(1) In general
(2) Exception
(e) Effective date
(f) Sunset
(Pub. L. 117–167, div. B, title III, § 10339A, Aug. 9, 2022, 136 Stat. 1555.)
§ 19040. Foreign financial support
(a) In general
(b) Records
Each disclosure to the Director under this section shall be made on the condition that the institution will maintain a true copy of the relevant records subject to the disclosure requirement until the latest of—
(1) the date that is four years after the date of the agreement;
(2) the date on which the agreement terminates; or
(3) the last day of any period that applicable State public record law requires a true copy of such agreement to be maintained.
(c) Documentation
(d) Office of the Inspector General
The Director, acting through the Office of Research Security and Policy in coordination with the Foundation’s Office of Inspector General and in consultation with the recipient institution, may reduce the award funding amount or suspend or terminate the award if the Director determines—
(1) such institution fails to comply with the records retention requirement in subsection (b) or fails to provide information requested under this section; or
(2) the Chief of Research Security determines the disclosures under this section indicate a threat to research security.
(Pub. L. 117–167, div. B, title III, § 10339B, Aug. 9, 2022, 136 Stat. 1556.)