Overview of OSTP Guidelines for Research Security Programs at Covered Institutions

The OSTP Research Security Program Guidelines, released July 9, 2024, establish four required elements for research security compliance—cybersecurity, foreign travel security, research security training, and export control training—at institutions exceeding a $50 million annual federal R&D threshold, with detailed timetables for agency and institutional implementation. The Guidelines promote uniformity and flexibility, referencing existing statutory definitions and encouraging consideration of administrative burden, particularly for less-resourced institutions, but allow agencies latitude in implementation and lack specificity in some areas still under federal development, such as training modules and certification mechanisms. Additional requirements may be imposed by agencies under specified circumstances and must consider impact, particularly for varying institution sizes, while emphasizing nondiscrimination and support for institutional flexibility and efficiency.