NSPM-33 Compliance
Research Security Program
The University of Kansas has a comprehensive One KU Research Security Program aligning with federal mandates, particularly National Security Presidential Memorandum-33 (NSPM-33), to safeguard research integrity, national interests, and institutional compliance. This program encompasses multiple components including compliance enforcement, cybersecurity, export control, foreign influence mitigation, and disclosure policies. Cybersecurity measures are robust and risk-based, incorporating the National Institute of Standards and Technology (NIST) Cybersecurity Framework, mandatory training, and continuous monitoring to protect institutional data and federally funded research. Disclosure policies align with NSPM-33, requiring standardized reporting of financial interests, time commitments, and foreign affiliations across all campuses. The program also includes strict export control procedures, foreign visitor vetting, and prohibitions on engagement with malign foreign talent programs. Researchers must maintain authenticated Open Researcher and Contributor ID (ORCID) profiles for digital persistent identifiers, and international travel is tightly regulated through a formal approval and risk mitigation process. The University also complies with federal requirements for reporting foreign gifts and contracts, reinforcing transparency and accountability. Collectively, these measures ensure a secure, compliant, and collaborative research environment that supports innovation while protecting against undue foreign influence.
Functional Areas
Compliance and Enforcement
The University of Kansas enforces research security through fair, federally aligned policies. Oversight is maintained through audits, training, and coordination with federal agencies to ensure ongoing compliance and protection of national interests.
Cybersecurity
The University of Kansas maintains a robust, risk-based cybersecurity program aligned with the NIST Cybersecurity Framework and NSPM-33 to protect federally funded research and institutional data. It includes strong access controls, mandatory training, continuous monitoring, and a formal incident response plan, all supported by regular assessments and recovery procedures to ensure resilience and compliance.
Digital Persistent Identifier
The University of Kansas requires Principal Investigators and Senior/Key Personnel to maintain authenticated ORCID profiles in compliance with NSPM-33 Digital Persistent Identifier (DPI) requirements. These profiles must include disclosures on affiliations, funding, and appointments, and be updated annually, with support provided by KU and KUMC Libraries.
Disclosure Requirements
The University of Kansas disclosure policies align with NSPM-33, requiring investigators to report financial interests, time commitments, and foreign affiliations using standardized federal forms. These policies apply consistently across all KU campuses and incorporate agency-specific guidance from NIH, NSF, and DOE. Expanded requirements also address institutional and inventor conflicts of interest, with access to information through centralized systems.
Export Control
The University of Kansas enforces export control policies aligned with NSPM-33 to protect sensitive technologies and data from unauthorized access or transfer. These policies apply to all individuals involved in federally funded research and require compliance with EAR, ITAR, and OFAC regulations. Training, oversight, and proposal reviews are provided to ensure adherence and mitigate risks of foreign influence.
Foreign Gifts
The University of Kansas complies with NSPM-33 by collecting and reporting foreign gifts, including those under $250,000, with biannual reports submitted for gifts over $250,000 as required by Section 117 of the Higher Education Act. This ensures transparency and adherence to federal disclosure standards.
Foreign Students, Visitors, and Talent Plans
The University of Kansas maintains policies and procedures that comply with NSPM-33 by mitigating risks from foreign government-sponsored talent programs and visitors. These include prohibitions on engagement with restricted entities, mandatory disclosures, due diligence checks, and centralized conflict-of-interest reporting. The measures aim to protect research integrity while supporting a collaborative and innovative academic environment.
Travel
The University of Kansas requires all international travel to be pre-approved through a structured workflow that includes safety and export compliance reviews and booked through Concur. Travelers must complete foreign travel security training, submit risk mitigation plans for high-risk destinations, and use loaner devices with secure virtual environments. These measures ensure compliance with federal regulations and protect university data during international travel.
Additional Resources
Insider Threat
An Insider Threat is a person who uses their access, or the access of others, to wittingly or unwittingly do harm to the University or its community. Harm to the University comes in many forms including theft of private or government funded research data, compromise of University IT systems, unauthorized access to University facilities and equipment; unauthorized disclosure of research data, techniques, and methodologies; and violent acts.
Controlled Unclassified Information
Controlled Unclassified Information, or CUI, is information the U.S. Government creates or possesses, or that an entity creates or possesses for or on behalf of the U.S. Government. The Cybersecurity Maturity Model Certification, or CMMC, is a Department of Defense initiative designed to strengthen Defense Industrial Base cybersecurity and better safeguard DoD information.
Still have questions?
Please contact GRS at GRS@ku.edu or call 785-864-0821.