Research Security Program

Securing and protecting research involves developing awareness of potential domestic and international threats and implementing procedures and controls to reduce those risks. This Research Security Program also implements the requirements described in National Security Presidential Memorandum-33 (NSPM-33), which the federal government requires of recipients of federal research funding. This webpage will be updated as new resources become available.

Cybersecurity

NSPM-33 Directive to Federal Agencies

Federal agencies should require the following from research organizations:

  • Provide regular cybersecurity awareness training for authorized users of information systems, including in recognizing and responding to social engineering threats and cyber breaches.
  • Limit information system access to authorized users, processes acting on behalf of authorized users, or devices (including other information systems).
  • Limit information system access to the types of transactions and functions that authorized users are permitted to execute.
  • Verify and control/limit connections to and use of external information systems.
  • Control any non-public information posted or processed on publicly accessible information systems.
  • Identify information system users, processes acting on behalf of users, or devices.
  • Authenticate (or verify) the identities of those users, processes, or devices, as a prerequisite to allowing access to organizational information systems.
  • Monitor, control, and protect organizational communications (i.e., information transmitted or received by organizational information systems) at the external boundaries and key internal boundaries of the information systems.
  • Implement subnetworks for publicly accessible system components that are physically or logically separated from internal networks.
  • Provide protection of scientific data from ransomware and other data integrity attack mechanisms.
  • Identify, report, and correct information and information system flaws in a timely manner.
  • Provide protection from malicious code at appropriate locations within organizational information systems.
  • Update malicious code protection mechanisms when new releases are available.
  • Perform periodic scans of the information system and real-time scans of files from external sources as files are downloaded, opened, or executed.

UCI's Implementation

Researchers need to maintain good cybersecurity practices and understand the appropriate level of security in order to protect their research.

Training: UCLC Cybersecurity Awareness Training

Resources:

Foreign Travel Security

NSPM-33 Directive to Federal Agencies

Federal agencies should require that research organizations:

  • Maintain international travel policies for faculty and staff traveling for organization business, teaching, conference attendance, research purposes, or any offers of sponsored travel that would put a person at risk.

    • Include an organizational record of covered international travel by faculty and staff and,
    • As appropriate, a disclosure and authorization requirement in advance of international travel, security briefings, assistance with electronic device security (smartphones, laptops, etc.), and preregistration requirements.

UCI's Implementation

Researchers should review the following resources in preparation for any foreign travel to avoid any loss or theft of data and determine if any documents or licenses are required.

Resources:

 

Research Security Training

NSPM-33 Directive to Federal Agencies

Agencies should require that, as part of their research security programs, research organizations provide training to relevant personnel on research security threat awareness and identification, including insider threat training where applicable. Research organizations should consider incorporating relevant elements of research security into existing training on responsible and ethical conduct of research for faculty and students. In addition to periodic training, research organizations should conduct tailored training in the event of a research security incident.

UCI's Implementation

Awaiting release of UCOP research security training module

Resources:

Export Control Training

NSPM-33 Directive to Federal Agencies

Agencies should require that research organizations conducting R&D that is subject to export control restrictions provide training to relevant personnel on requirements and processes for reviewing foreign sponsors, collaborators and partnerships, and for ensuring compliance with Federal export control requirements and restricted entities lists.

UCI's Implementation

Training is required for relevant personnel on requirements and processes for reviewing foreign sponsors, collaborators and partnerships, and for ensuring compliance with Federal export control requirements and restricted entities lists.

Training: Training & Policies

Resources: Export Control