Research Security

Conflicts of Interest

Involvement of faculty and / or professional staff with appropriate commercial enterprises is an important part of the transfer of knowledge and is encouraged by UD to enhance both educational and research programs.  UD personnel who have an interest that may bias or give the appearance of biasing their research may have a conflict of interest.  University of Delaware’s Research Policy 6-11 defines a potential conflict of interest as an occurrence when there is a divergence between an individual’s private interests and his or her professional obligations, such that an independent observer might reasonably question whether the individual’s professional judgment, commitment, actions, or decisions could be influenced by considerations of personal gain, financial or otherwise.  UD has a webform for the annual disclosure of potential conflicts of interest.  If a conflict exists, then a management plan is established that includes the investigator, the chair of the investigator’s department, the dean of the investigator’s college, and the Research Office.  For specifics and further explanation of conflicts of interest and UD’s management of conflicts, see:

Controlled Unclassified Information (CUI) Procedures

Controlled Unclassified Information (CUI) is designated information that requires safeguarding or dissemination controls pursuant to and consistent with applicable laws, regulations, and government-wide policies. Information is deemed CUI by the federal government because it is sensitive in nature. There are two CUI registries – the CUI Registry is maintained by the National Archives, and the DOD CUI Registry is maintained by the US Department of Defense (DOD). The improper safeguarding of DOD CUI (also referred to as Covered Defense Information) may impact national security. DOD CUI is unclassified but requires controls to prevent release of information that, if publicly associated with defense missions or aggregated with other sources of information, can reveal exploitable information to US adversaries. For specifics and further explanation of CUI procedures download the following pdf:

Export Control

UD research is subject to U.S. Export Control laws that protect national security, foreign policy, and trade, including the International Traffic in Arms Regulations (ITAR), implemented by the U.S. Department of State and the Export Administration Regulations (EAR), implemented by the U.S. Department of Commerce. The Office of Foreign Asset Control (OFAC), which is part of the U.S. Department of the Treasury, is responsible for administering and enforcing economic and trade sanctions against certain nations, entities, and individuals.

UD complies with export control laws and regulations related to the export of both goods and services.  These laws and regulations control the export of strategic information, technology and services to foreign countries, as well as to foreign nationals inside the United States.  Information about export controls is available at: https://research.udel.edu/regulatory-affairs/#3.

Financial Disclosures

In accordance with the University “Conflict of Interest Policy and Procedures for Faculty and Staff“ (Research Policy 6-11), faculty and professional staff must disclose their significant financial interest as defined in the Policy, in addition to those of their spouses and dependent children. Disclosures must be completed via UD web form annually and within 30 days of any changes to previously disclosed interests.

Additionally, UD investigators are expected to disclose current and pending support when submitting federal proposals.  The National Science Foundation (NSF), for example, in its Proposal & Award Policies & Procedures Guide, calls for the disclosure of “all current and pending support for ongoing projects and proposals, including this project, and any subsequent funding in the case of continuing grants” in proposals.  Funding sources include, but are not limited to, federal, state, foreign, foundations (public or private), industrial, and internal funds.  The National Institutes of Health (NIH) disseminated a notice on July 10, 2019 clarifying that support includes “all resources made available to a researcher in support of and/or related to all of their research endeavors, regardless of whether or not they have monetary value and regardless of whether they are based at the institution the researcher identifies for the current grant.”

Foreign Involvement

While international collaborations may be acceptable, UD personnel are expected to disclose foreign involvement to ensure that potential issues are properly addressed and resolved. Foreign involvement must be disclosed on Conflict of Interest disclosures, Biosketches/CVs, and Current & Pending (Other) Support documents.

Prior to accepting an appointment or employment at a foreign entity, the position must first be disclosed to, discussed with, and approved by the UD supervisor in writing. UD personnel may not conduct business with entities or individuals on any U.S. restricted party list. Initial searches can be conducted here. All outside employment, including consulting, must be in compliance with the Faculty Handbook and UD’s policy on Outside Employment.

Related University Policies

• Conflict of Interest in Research
• Faculty Handbook
• Outside Employment
• Registered University Trademarks and Service Marks
• Participation in Malign Foreign Talent Recruitment Programs
• Intellectual Property Protection, Ownership, and Commercialization

Research Security Procedures for International Travel

PRIOR TO TRAVELING INTERNATIONALLY ON UD BUSINESS

• Please contact Clarissa Roth, Director of Research Security at clarissa@udel.edu to advise where (institution, city, country) you will be traveling, the dates, and the purpose (such as attending a scientific conference).
• Review UD’s safe travel practices and Secure UD Essentials to protect data and devices.
• Ensure mobile phones have device finder and remote wipe capability. Please review UD’s remote data protection page. For Apple devices, additional information is available here.
• Prior to and during travel, it is recommended that UD travelers monitor the State Department’s travel advisory page for the destination. Signing up for Smart Traveler Enrollment Program (STEP) is recommended when there is an elevated threat level in the destination country / region.
• Do not transport your UD device to a country of concern, whether on UD business or personal travel. Instead, please borrow a clean laptop from UD IT.

TRAVEL RESTRICTIONS

• Due to heightened security concerns, Director of Research Security approval is required if proposing to travel to a country of concern.
• Travel to OFAC-sanctioned regions is prohibited while traveling on UD business.
• UD faculty and staff should not associate with the restricted entities and individuals on the U.S. Consolidated Screening List. Travel to or funded by a restricted entity is prohibited.

EXPORT CONTROLS

When presenting research abroad, ensure that materials are either publicly available or qualify as fundamental research. It is the traveler’s responsibility to ensure that electronic devices and presentations do not contain export-controlled information.
Contact RO-Agreements@udel.edu well in advance to discuss any export-controlled technology, software or information necessary for the trip. The Research Regulatory Affairs office will help determine if an export control license is needed. Please note:

• ITAR-controlled technology may not be transported outside the U.S without a license.
• The export of EAR-controlled articles may require a license.
• For temporary importation of equipment, an international customs Carnet for temporary export-import can simplify the customs process and help avoid unnecessary fees.

Be aware of import restrictions and requirements at your destination for electronics, encryption technology, or other items. Typically, travel with items classified as EAR99 or general mass-market encryption technology under ECCN 5A992, such as smartphones, laptops, and similar consumer devices, is permitted without an export license for most destinations. However, certain countries, such as China, Israel, and Russia have restrictions on the import and use of encryption tools and do not allow cryptography tools to be imported or used within their borders without a license, or in some extreme cases, at all. Under these restrictions, devices can be confiscated while entering or leaving their borders.
Questions to consider:

• Is the travel related to a sponsored research project with an active Technology Control Plan?
• Will your activities involve sharing applied research not already in the public domain?
• Does your electronic device contain controlled software, technology, or information or have advanced or unique computing capabilities including those that are customized for use with a particular instrument, containing specialized research software, etc. (Note: this does not include off-the-shelf laptops with standard operating systems, basic administrative software packages, and mass-market encryption capabilities.)
• Will you be taking or shipping equipment or instruments for research purposes?
• Will you be taking or shipping chemicals, biologicals, composites or other materials that may be export-controlled?
• Will you be taking or shipping items designed or used for military, aerospace, or nuclear purposes?

If you answered yes to any of the above, please contact RO-Agreements@udel.edu to discuss. Please refer to the Research Office’s Export Controls page for further information.

WHILE TRAVELING ABROAD

Physically Secure Devices: Remain vigilant about the physical security of your devices as you travel, especially in China. Devices may be at risk of physical tampering or theft, particularly if left unattended, even if in a locked hotel room or hotel safe.

Devices may be subject to search and seizure when crossing international borders, such as in customs. If a device is taken from you in another country and then returned, it may have been compromised. In this case, it is best to refrain from using the device until IT has assessed it upon your return to UD. The contents of the laptop, phone, tablet or other electronic device may also have been copied.

Use VPN: Securely access the internet and your files by using UD’s Virtual Private Network (VPN) while traveling. VPN provides security and privacy by encrypting information and masking your IP address, search history, and location. Using VPN is recommended whenever you connect to the internet away from UD’s campus. However, you may need to verify that the location you’re traveling to allows the use of encryption software. Most of the countries participating in the Wassenaar Arrangement recognize the personal use exemption for encryption. Other countries may have more restrictive regulations on encryption or block the use of VPN entirely from their networks. Please note that regulations change often, so review the Department of State page for your destination.

Tips for securing devices and data

• Only take devices and information essential for the trip.
• Backup local files prior to travel (this may occur automatically if you utilize OneDrive).
• Ensure no personal information or UD credit card information is saved on the device.
• Never leave devices unattended.
• Lock devices when not actively using them.
• Use a secure VPN internet connection with two-factor authentication.
• Disable Wi-Fi when not in use.
• Do not access social media apps or sites on a UD device while in a country of concern.
• Avoid public devices such as charging stations, which may upload malware to your device
• Refrain from downloading or transferring software or sensitive data to your device while traveling.
• Do not accept USB devices from foreign parties.
• If in doubt, have your computer checked for malware upon return.

REPORT SECURITY INCIDENTS

Report suspected or known cybersecurity incidents immediately. Please see reporting instructions here. Include a description, the time of the incident, and any other details you have. The longer an incident goes unreported, the more damage it can cause.

• If a device was temporarily taken from your possession or a security incident is suspected, contact your local IT Pro to have the device scanned for malware before using.
• Contact IT immediately if a UD device has been lost or stolen while traveling.
• If you notice any unusual activity with your UD accounts upon return, use a trusted computer to change any passwords used while traveling and report the activity to IT.

CONFLICT OF INTEREST DISCLOSURES

UD-related travel funded by a foreign entity must be disclosed on the Conflict of Interest Disclosure webform in the “Reimbursed or sponsored travel” section. For instance, if a conference organizer pays or reimburses the travel costs for a faculty member, it should be disclosed.

NASA China Certification

The federal Appropriations Acts which fund the National Aeronautics and Space Administration (NASA) include a prohibition regarding the People’s Republic of China (PRC). This restriction prohibits NASA from funding any joint scientific activity with the PRC. Since the federal restriction was implemented in 2011, NASA has included terms in grants, contracts and solicitations stating that proposers and award recipients may be ineligible for funding if the NASA project includes bilateral involvement of China or Chinese owned companies.

The China restriction on NASA funding originated in Public Law 112-10 (2011) and has been included in each subsequent U.S. Consolidated Appropriations Act. The language states:
None of the funds made available by this Act may be used for the National Aeronautics and Space Administration (NASA)… to develop, design, plan, promulgate, implement, or execute a bilateral policy, program, order, or contract of any kind to participate, collaborate, or coordinate bilaterally in any way with China or any Chinese-owned company unless such activities are specifically authorized by a law enacted after the date of enactment of this Act.

NASA defines “China or Chinese-owned company” to mean the PRC, any company owned by the PRC, or any entity incorporated under the laws of the PRC; this includes entities such as Chinese colleges, universities, research institutes, and any government unit. The law does not restrict individual involvement based on citizenship or nationality.

NASA addresses the China restriction in the Grant and Cooperative Agreement Manual (GCAM): “In addition, proposals that include the participation of China or any Chinese-owned company are ineligible to receive an award…”

Due to this federally-mandated restriction, NASA may not issue an award to the University of Delaware if there will be bilateral involvement of the PRC or a Chinese-owned company in the proposed project.

In order to verify there will be no bilateral involvement of the Chinese government or Chinese-owned companies, the University of Delaware requires that a certification form be completed by every member of UD senior/key personnel prior to the submission of each NASA proposal. This applies to both proposals in which UD is serving as the lead or as a subrecipient. The signed form(s) should be uploaded to the UD proposal record as an attachment named “2#A#####_NASA_Cert” at the time of routing the proposal.

The NASA Proposal Certification which includes additional information and instruction can be accessed here.

Office of Foreign Assets Control

The Office of Foreign Assets Control (OFAC) of the US Department of the Treasury administers and enforces economic and trade sanctions based on US foreign policy and national security goals against targeted foreign countries and regimes, terrorists, international narcotics traffickers, those engaged in activities related to the proliferation of weapons of mass destruction, and other threats to the national security, foreign policy or economy of the United​ States. ​OFAC publishes lists of individuals and companies owned or controlled by, or acting for or on behalf of, targeted countries. Use the links below to view the latest OFAC changes.

Restricted Party Screening

Restricted party screening is conducted prior to the initiation of collaboration with international entities. Restricted party screening identifies individuals and entities with whom UD should not interact. Restricted parties, for example, may be listed because they are associated with a terrorist organization, because they have been identified as a threat to national security, or because they have a history of corruption. These lists are updated regularly.

Names of parties with whom UD investigators are considering interacting are provided to and screened by the Research Office. The Research Office utilizes software that accesses numerous databases of individuals and entities that are barred or are restricted from transacting with U.S. entities. The software continues to monitor the screened parties and alerts the Research Office if there is a change in status.

In addition to this software, the U.S. Government maintains a Consolidated Screening List that is available on the export.gov website.

Research Security Training

NSF RESEARCH SECURITY TRAINING REQUIREMENTS

Effective December 2nd, 2025 the National Science Foundation (NSF) implemented a mandatory requirement that all senior/key personnel complete research security training within 12 months of proposal submission. This training requirement includes subrecipients. Individuals identified as senior/key personnel on NSF proposals must certify that they have completed the research security training within the preceding 12 months. 

UD utilizes the Research Security Training (Combined) course on CITI Program, which meets the requirements of the CHIPS and Science Act of 2022 by addressing research security topics including foreign influence, the importance of disclosure, risk mitigation and management, and international collaboration. The combined course is a condensed version of NSF’s research security training modules, and takes approximately one hour to complete as compared to the 4+ hours necessary to complete the extended NSF version.

The Research Office utilizes CITI’s reporting function to verify training completion for senior/key personnel. Instructions for accessing the CITI training are available here.

NEW DOE SECURITY TRAINING REQUIREMENTS

Effective May 1st, 2025 the U.S. Department of Energy (DOE) requires covered individuals to complete research security training prior to submitting DOE research proposals. The training requirement extends to subrecipients.

Covered Individuals. DOE defines a "covered individual" to include, at a minimum, any principal investigator (PI); project director (PD); co-principal investigator (Co-PI); co-project director (Co-PD); project manager; and any individual regardless of title that is functionally performing as a PI, PD, Co-PI, Co-PD, or project manager. The DOE may expand this list of designated roles to include other technical staff (such as postdocs and grad students), as specified in the applicable Notice of Funding Opportunity (NOFO) and/or terms and conditions of the award.

Certifications. Each covered individual listed on the application must certify on their Current & Pending Support document that they have completed research security training within the preceding 12 months. Additionally, UD must certify at the time of submission that all covered individuals listed on the proposal application have completed the training.

Training. UD is utilizing CITI Program’s Research Security Training (Combined) course, a condensed version of the National Science Foundation’s more extensive research security training modules, to meet the federal training requirement. The condensed course takes approximately one hour to complete, as compared to the 4+ hours necessary to complete the extended NSF version. CITI’s combined course aligns with the requirements of Section 10634(B) of the CHIPS and Science Act of 2022 and addresses research security topics including the importance of disclosure, risk mitigation and management, and international collaboration.

Records. To comply with the federal requirement, UD must maintain records of training completion to be provided to DOE upon request. The Research Office will utilize CITI’s reporting function to verify training completion. If a covered individual completed the research security training modules on the NSF website within the past year, please email a copy of the completion certificate to Clarissa Roth at RO-Agreements@udel.edu. 

CITI Instructions. Guidance on establishing a CITI user profile and accessing the online training is available at the link below.  Covered individuals must enter their UD email address (@udel.edu) in the “Preferred Email” field of their CITI Profile. This field is used as a link to PeopleSoft Financials to assist the University in certifying compliance.

Awards. For DOE awards containing the research security training requirement, any new covered individuals at the recipient and subrecipient levels added to the project must certify they have completed the training within thirty (30) calendar days of joining the project. Covered individuals previously identified in the proposal who have already certified and completed the research security training do not need to complete it again, even if they are submitting an updated Current and Pending Support Form during the life of the award.

Other Federal Sponsors. Research security training is one of required elements of a Research Security Program under National Security Presidential Memorandum 33 (NSPM-33) to safeguard United States research and development. The CHIPS and Science Act of 2022 codified the requirement for research security training into public law. The training requirement is being implemented across all federal sponsors, and updates will be shared with UD’s research community as they become applicable.

More information about the DOE requirement can be found here.

Financial Assistance Letter 2025-02, Research Security Training Requirements for all R&D Financial Assistance Awards, can be found here.