This page provides the UMBC research community with timely announcements on changes to state, local, and federal requirements affecting research. Announcements are compiled from government and institutional sources, with practical context provided by the Office of Research Protections and Compliance. Our goal is to help faculty, staff, and students stay informed, understand implications for their work, and access the right resources to ensure continued compliance.
New Federal Research Security (RS) Training Requirement
Several federal agencies have taken steps to implement the Research Security (RS) training required out of NSPM-33 and the Chips and Science Act.
All key personnel on projects funded by the National Science Foundation (NSF), National Institutes of Health (NIH), U.S. Department of Defense (DOD), and U.S. Department of Energy (DOE) must now complete federally mandated research security training to strengthen the integrity and protection of U.S. funded research. Further, NIH issued NOT-OD-25-1255 which states all Senior/Key Personnel must complete research security training within 12 months of a proposed submission to be eligible for an (NIH) award. It is anticipated that all federal grant funding agencies will soon include research security training requirements. Therefore, UMBC is requiring all key personnel on federally funded (direct or flow through) sponsored proposals and awards complete this training.
How to Complete the Training:
1. Visit https://www.citiprogram.org
2. Log in or create an account
3. Affiliate with UMBC – if you have not already done so.
4. Enroll in the “Research Security Training Combined Course”
5. Complete all required modules
Frequently Asked Questions
Who must complete RS Training?
Anyone who is key on any federal proposal or award.
We are also recommending the training for anyone working on any sponsored award, as well as the RCA administrative community.
Please note, we do expect RS training requirements to expand, as federal and non-federal agencies follow NIH, NSF, DOD and DOE.
Why is RS training required?
Stemming from administrative direction provided to agencies via NSPM-33 and the Chips and Science Act, multiple federal agencies (NSF, DOE, NIH and DOD) have issued mandatory security training. It is anticipated that all federal agencies and non-federal sponsors will be issuing similar requirements.
When must RS training be completed?
As of 10/1/25 OSP will not submit a proposal or issue any award modification without the training completed. OSP will attempt to provide any flexibility allowed by the sponsor throughout 2025.
Each agency is implementing a bit differently. NSF and DOE require at proposal stage, NIH requires as Just in Time, or award stage. As such, we are requiring the training at the proposal stage for all sponsors.
Training renewals will be required every three (3) years. (Note: We are still verifying if NIH is requiring an annual renewal).
How long will it take me to complete the RS training?
CITI estimates the training will take about 60-90 minutes
How is the RS training being tracked?
The training is capture as part of your CITI training portfolio. It is also fed into Kuali where it will be attached to your Personal record in Kuali where all of your other RCA training is captured. At the proposal stage, your unit Administrative team will be able to confirm the training has been completed for anyone named on a proposal. OSP is required to officially certify the training is completed when the proposal is submitted. Your Administrative support will also be required to verify training when any key or named individuals are added to an award. It is critical that you utilize your UMBC login credentials to access the CITI training modules. Otherwise, your training will not feed to Kuali.
I am on a Technology Control Plan (TCP) that required me to take Export Control Training. Is that the same?
Unfortunately, it is not the same. Export Control Training does not cover all the topics associated with Research Security Training. Export Control is a component of Research Security.
I have taken PIRATE, does that satisfy as meeting the RS training requirement?
Not yet. We are working with CITI to move PIRATE from Blackboard to CITI. Once it has been moved, we are creating a link to the required RS training.
I have taken RCR training, does that satisfy as meeting the RS training requirement?
No. The RCR RS training is simply a short overview, but it does not cover the all the topics required by the federal agencies
Who can I contact if I have additional questions about this training requirement?
ORPC at researchintegrity@umbc.edu