IARPA is implementing the security policy of National Security Presidential Memorandum-33 (NSPM-33)[1]. This policy directs federal sponsors of research and development (R&D) to assess whether participants in proposed R&D have potential foreign conflicts of interest or conflicts of commitment that pose risks to the security of the R&D. The goal is to identify any such risks and mitigate these risks where possible prior to being considered for award.
NSPM-33 requires “covered individuals” to submit two types of disclosure forms prior to being considered for award. These forms consist of 1) biographical sketches for key personnel and 2) data on current and pending support. In addition, “covered institutions” must certify that they have a research security program (RSP) consistent with recent guidance published by the Office of Science and Technology Policy (OSTP)[2]. IARPA has elected to adopt the common forms developed by OSTP and currently maintained by the National Science Foundation (NSF) for both the biographical sketch and current and pending (other) support disclosures. IARPA is providing its own form to certify RSP compliance.
IARPA designates “covered individuals” as “key personnel” on an R&D proposal who meet the following criteria:
Covered individuals typically include Program Managers (PM), Principal Investigators (PI), Project Managers (PM), and paid research staff, etc.
Some key elements of the NSF biographical sketch disclosure common form[3] for covered individuals include:
Some key elements of the NSF current and pending support disclosure common form[4] for covered individuals include:
IARPA will use a 3-tiered risk assessment model to evaluate covered individual disclosures for foreign conflicts of interest or conflicts of commitment that may indicate potential undue foreign influence, and other risk factors relating to professional and financial activities.
IARPA requires completed disclosure forms to be submitted with each proposal. When medium risk is identified for a performer being considered for an award, IARPA will work with potential performer prior to award to mitigate the identified risk through a mutually acceptable risk mitigation plan.
If IARPA receives a proposal to a Broad Agency Announcement (BAA), or any other solicitation, without the required disclosures, or the disclosure forms contain inaccurate or incomplete information, IARPA may determine that the proposal is not compliant and reject the submission, eliminating it from further consideration. IARPA also reserves the right to request further clarification or detail from potential performers regarding their disclosures or certifications before making the final determination on risk.
OSTP issued additional guidelines[5] in July, 2024 defining “covered institutions” as entities who meet the following criteria:
Many institutions participating in IARPA funded R&D meet these criteria. In the future, these institutions must certify in writing or electronically that they have a fully-compliant RSP. The RSP must address four separate areas:
In OSTP’s July 9, 2024 guidelines, multiple ways are presented for a covered institution to meet these RSP requirements. At this time, IARPA will not reject proposals from covered institutions who are in the process of implementing NSPM-33 compliant RSPs; however, IARPA does require a covered institution to certify its awareness of this requirement, and provide a brief description of the progress to date in establishing the RSP[6], or certify that compliance is not required. After July 9, 2026, IARPA will require that covered institutions certify that they have a fully compliant RSP under NSPM-33 policy.
In addition, please note that all covered institutions must certify that they have 1) a compliant policy regarding foreign talent recruitment programs (FTRP) and malign foreign talent recruitment programs (MFTRP) pursuant to Sections 10631 and 10632 of the CHIPS and Science Act of 2022[7] and that 2) no covered individuals (as designated above) in the proposal are part of such a program. IARPA requires these completed certifications to be submitted with each proposal.
1 2021, OSTP NSPM-33, Presidential Memorandum on United States Government-Supported Research and Development National Security Policy, National Security & Defense, Issued on: January 14, 2021 [Presidential Memorandum on United States Government-Supported Research and Development National Security Policy – The White House]
2 2022, Guidance for Implementing National Security, Presidential Memorandum 33 (NSPM-33), Report by the Subcommittee on Research Security, Issued January 2022 [010422-NSPM-33-Implementation-Guidance.pdf]
3 NSF Biographical Sketch Common Form [https://www.nsf.gov/bfa/dias/policy/researchprotection/commonform_biographicalsketch.pdf]
4 NSF Current and Pending (other) Support Common Form [https://www.nsf.gov/bfa/dias/policy/researchprotection/commonform_cps.pdf]
5 OSTP Guidelines for Research Security Program at Covered Institutions, July 9 2024 [OSTP-RSP-Guidelines-Memo.pdf]
6 IARPA’s form to 1) certify an institution has an NSPM-33 compliant Research Security Program (RSP), or 2) describe progress in achieving RSP compliance [IARPA Certification form - Research Security Program.pdf]
7 2022 Chips and Science Act, Subtitle D—Research Security, [H.R.4346 - CHIPS and Science Act]
