Federal regulations around Research Security are evolving. To comply with these new requirements, all researchers are required to take Cornell's updated training on Research Security. This course is assigned to all researchers who are named or paid on sponsored research funding and must be completed within 30 days of assignment. The updated course satisfies current research security training requirements for the National Science Foundation, the U.S. Department of Defense, the U.S. Department of Energy, the National Institutes of Health, and the institutional requirements set forth in National Security Presidential Memorandum 33 (NSPM-33).

Important for NSF proposals: Beginning Oct. 10, 2025, Cornell will be unable to submit a proposal to NSF until all PIs, Co-PIs, and key personnel on the proposal have completed the updated course.

Important for NIH researchers: Effective Oct. 1, 2025 all faculty and researchers identified as Senior/Key Personnel on an NIH-funded project must have completed CU601 prior to submitting an Other Support document to NIH, including submission via just-in-time and research performance project reports (RPPRs).

Take Cornell's Research Security Training

Since 2019, the federal government has imposed a series of research security regulations. The details about what these regulations require continue to evolve. Cornell partners with researchers to ensure that all activities are conducted compliantly. Topics relevant to research security include foreign talent programs; export controls considerations; proper and timely disclosures of outside activities, in-kind and other support, and foreign travel; data and cybersecurity; and others.

Cornell's Commitment to International Collaboration

It's important to remember that foreign nationals who are part of the Cornell community as faculty, staff, students, and postdocs are not the target of any of these changing regulations. NSPM-33 guidance includes many "shoulds" but there is one important "must": 

"It is essential that the policies and consequences must be applied without discrimination in any way, including with respect to national origin or identity.”

Essentials at a Glance

Cornell faculty and staff should expect the following as part of our shared responsibilities to safeguard our work. Contact the Research Security Officer with questions. 


Continued Focus
DisclosuresComplete and accurate disclosures of all outside activities (paid and unpaid), in-kind and other support, and foreign travel are of the utmost importance.

Log into RASS to complete disclosures. 
Export ControlsAll international shipments and use of controlled technology must be pre-approved by the Export Control Office.
TrainingNumerous federal mandates for training are covered in Cornell’s updated Research Security course which is live in Workday Learning as of September 2, 2025.

Required for all researchers.

Recent Updates
Foreign TravelRequirements that some or all foreign travel be pre-approved.
Malign Foreign Talent ProgramsStrictly prohibited. See details
Foreign Countries of ConcernAll engagements with individuals or entities in China, Russia, Iran, or North Korea must be reviewed by the Research Security office.

Expected Updates
CybersecurityNew federal requirements impacting the security of devices used on awards.

 

Cornell is well positioned to address evolving requirements and is looking forwarding to partnering with researchers to ensure all obligations are met.


How does Cornell partner with researchers to address federal requirements?

  • Strives to be proactive—smooths the way for effective compliance.
  • Actively monitors regulations. Consults with peers. Engages with professional associations.
  • Collaborates internally across offices and areas of expertise (OVPIA, OVPRI, OSP, CTL, ORIA…)
  • Improves Cornell policies as required and provides guidance on the Research Services website.
  • Collects information from researchers using central systems to reduce burden as much as possible. (Conflict of Interest; RASS; etc.)
  • Screens entities against restricted party lists.
  • Alerts from RASS for sponsored projects, for example if a project involves an entity located in a foreign country of concern.