U.S. NSTC NSPM-33 — National Security Presidential Memorandum 33: Research Security

SmartSuite provides the system for managing controls, evidence, mappings, assessments, and reporting. Framework text may require a separate license unless explicitly provided.
Overview
U.S. NSTC NSPM-33 — National Security Presidential Memorandum 33 is a U.S. federal policy directive that strengthens research security and integrity at institutions conducting federally funded research. The memorandum establishes comprehensive requirements intended to protect sensitive research from foreign interference and promote transparency, accountability, and responsible conduct within the research ecosystem.
Published by the White House and overseen by the National Science and Technology Council (NSTC), NSPM-33 applies to federal executive agencies, research institutions, and universities receiving federal research funding. It addresses key areas including cybersecurity controls, risk management procedures, disclosure requirements for conflicts of interest and foreign relationships, and oversight of research personnel and data.
Organizations typically implement NSPM-33 by updating internal policies, enhancing cybersecurity and data protection measures, improving due diligence processes, and establishing programs for compliance oversight and risk reporting. Many integrate NSPM-33 requirements with broader frameworks such as NIST SP 800-171 or institutional compliance programs to ensure alignment with federal research security expectations.
Why it Matters
NSPM-33 establishes comprehensive research security requirements to safeguard federally funded research and protect national innovation ecosystems.
Key benefits include:
• Strengthen research security governance
Promote consistent oversight of research security processes and help organizations identify and mitigate emerging threats across research activities.
• Enhance compliance with federal mandates
Enable organizations to meet federal research security requirements, reducing the risk of funding disruptions and reputational harm.
• Improve protection of sensitive information
Support safeguards that reduce unauthorized access to confidential or proprietary research data and intellectual property.
• Increase transparency and accountability
Establish reporting and disclosure standards that improve clarity regarding external collaborations, financial interests, and researcher affiliations.
• Promote operational resilience
Enable research organizations to better prepare for, respond to, and recover from incidents affecting research integrity or security.
How it Works
The U.S. NSTC NSPM-33 – National Security Presidential Memorandum 33: Research Security framework structures research security requirements around core governance domains such as risk management, disclosure, and due diligence. NSPM-33 establishes a set of regulatory and security controls that address the identification, assessment, and mitigation of risks related to foreign influence, conflicts of interest, and protection of federally funded research activities. The framework also specifies mandatory processes for information disclosure, research integrity, and compliance monitoring, which integrate into the broader research lifecycle.
Organizations implement NSPM-33 by establishing procedures for vetting research personnel and collaborators, maintaining systems for disclosing significant relationships or support, and integrating security controls to protect sensitive research data. Routine activities include conducting risk assessments, mapping compliance requirements into internal governance programs, monitoring adherence to disclosure policies, and managing incident response related to breaches or noncompliance. These steps support ongoing research security, accountability, and regulatory compliance with federal mandates.
SmartSuite enables operationalization of NSPM-33 by providing control libraries aligned to framework requirements, facilitating disclosure and conflict tracking, and supporting policy governance. Organizations leverage SmartSuite’s risk registers for ongoing threat assessment, automate evidence collection to demonstrate compliance, and employ dashboards and reporting tools to monitor security posture and audit readiness, ensuring effective management of research security and compliance obligations.
Key Elements
• Research Security Program Governance
Establishes organizational responsibility, oversight structures, and leadership roles for safeguarding research activities.
• Disclosure and Transparency Requirements
Outlines protocols for reporting outside affiliations, financial interests, and potential conflicts in research personnel.
• Foreign Engagement Risk Assessment
Describes processes for evaluating and mitigating risks posed by international collaborations and partnerships.
• Information Security Safeguards
Specifies requirements for protecting sensitive research data and controlling access to research environments.
• Researcher Training and Awareness
Defines mandatory education and awareness initiatives targeting research integrity, security, and compliance topics.
• Compliance Monitoring and Enforcement
Organizes mechanisms for oversight, periodic review, and enforcement of institutional research security practices.
Framework Scope
U.S. NSTC NSPM-33 — National Security Presidential Memorandum 33 is adopted by research institutions, universities, and entities managing federally funded research activities. It governs research security policies, compliance controls, and management of sensitive research data, and is typically applied when enhancing research security oversight, addressing risk management, and supporting assurance programs for federally supported research environments.
Framework Objectives
U.S. NSTC NSPM-33 outlines objectives to safeguard research security and promote strong risk management in federally funded research.
• Protect sensitive research data through robust cybersecurity and security controls
• Strengthen governance and oversight of research activities and partnerships
• Enhance compliance with federal regulations and institutional policies
• Promote effective risk management and reduce vulnerabilities in research environments
• Support operational resilience by establishing consistent research security protocols
• Improve audit readiness and transparency for research security programs
NSPM-33 aligns with U.S. federal research security requirements and is often integrated with frameworks like NIST SP 800-53, ISO 27001, and CMMC. Organizations, particularly research institutions and federal grant recipients, implement NSPM-33 to meet federal security mandates, enhance institutional security governance, and ensure compliance with funding agency expectations.
Common Framework Mappings
NSTC NSPM-33 is often mapped to other security and compliance frameworks to strengthen research security, support regulatory alignment, and enable efficient cross-framework risk management and reporting for federal contractors and research institutions.
Mapped frameworks include:
CIS Critical Security Controls
CMMC
FERPA
FISMA
GDPR
HIPAA
ISO/IEC 27001
NIST Cybersecurity Framework
NIST SP 800-53
SOC 2
- Classification: Category: Other; Domain: Risk Management; Framework Family: Other
- Regulatory Context: Type: Guidance; Legal Instrument: Directive; Sector: Government Sector; Industry: Government & Public Sector
- Region / Publisher: Region: North America; Region Detail: United States; Publisher: The White House (Office of Science and Technology Policy)
- Versioning: Version: 2021; Effective Date: January 14, 2021; Issue Date: January 14, 2021
- Adoption: Adoption Model: Regulatory Compliance; Implementation Complexity: High
License included / downloadable: Yes
NSPM-33 is publicly available via official White House/NSTC government publications. License included with platform
How SmartSuite Supports NSPM-33
Manage research security compliance by organizing NSPM-33 requirements, tracking research governance controls, and maintaining documentation supporting protection of federally funded research and sensitive technologies.
Research Security Governance Library
Structure NSPM-33 requirements covering research security programs, disclosure obligations, and institutional oversight.
Federally Funded Research Project Tracking
Track federally funded research projects, participating institutions, and associated security obligations.
Researcher Disclosure and Reporting Obligations
Manage researcher disclosures, affiliations, and reporting obligations required for research security compliance.
Foreign Collaboration and Risk Monitoring
Track international partnerships, collaborations, and potential research security risks.
Training and Awareness Programs
Manage researcher security training programs and track completion for compliance verification.
Research Security Posture and Federal Oversight Reporting
Provide dashboards showing research security posture, disclosure status, and readiness for federal oversight reviews.
Related frameworks

CMMC 2.0 sets cybersecurity requirements to protect controlled unclassified information for DoD contractors and suppliers.

NIST SP 800-171 defines security requirements for protecting Controlled Unclassified Information (CUI) in nonfederal systems and organizations.

FISMA is a U.S. law requiring federal agencies and contractors to secure government information systems and manage cybersecurity risks.

ISO/IEC 27001:2022 is an international ISMS standard that helps organizations manage information security risks and protect data.

NIST Cybersecurity Framework (CSF) v2.0 is a risk-based framework that helps organizations manage and reduce cybersecurity risks.
Frequently Asked Questions For U.S. NSTC NSPM-33 (Research Security)
NSTC NSPM-33 establishes requirements and guidelines to protect U.S. federally funded research from foreign government interference and exploitation. The memorandum aims to safeguard the integrity of research environments, mitigate security risks, and promote responsible information sharing across research institutions.
Yes, compliance with NSPM-33 is mandatory for organizations receiving federal research funding in the United States. Federal agencies have incorporated the memorandum’s requirements into grant, contract, and cooperative agreement terms with recipient organizations.
NSTC NSPM-33 applies to universities, research institutions, and federal contractors receiving federal funding for research projects. The requirements cover activities involving sensitive or controlled research, particularly those at risk of foreign influence, regardless of the research domain.
Key concepts in NSPM-33 include research security programs, foreign talent program disclosures, conflict of interest disclosures, and standardized risk assessment processes. Required artifacts include documented security policies, training materials, and comprehensive disclosure forms from researchers and staff.
Organizations must establish or enhance research security programs that align with NSPM-33 directives, including developing policies, processes for risk identification, security training programs, and ongoing monitoring mechanisms. Implementation typically involves collaboration among compliance, security, research administration, and IT teams.
NSPM-33 complements existing federal regulations such as the National Industrial Security Program (NISPOM) and Controlled Unclassified Information (CUI) requirements. It fills research-specific gaps by standardizing disclosure and security expectations across federally funded projects, creating a unified baseline.
Ongoing compliance includes maintaining up-to-date disclosure records, conducting periodic research security training, performing regular program reviews, and promptly reporting potential risks or breaches. Organizations must also continuously monitor and update their research security controls as federal guidance evolves.
SmartSuite can help organizations manage NSTC NSPM-33 compliance by enabling configurable workflows for risk tracking, documenting and reviewing security controls, collecting and centralizing researcher disclosures, and supporting evidence collection for audits. Automated task management, comprehensive reporting, and centralized document repositories support ongoing audit readiness and help demonstrate compliance to federal agencies.

