Title 42 — The Public Health and WelfareRelease 119-73not60

§19037 Research Security and Integrity Information Sharing Analysis Organization

Title 42 › Chapter 163— RESEARCH AND DEVELOPMENT, COMPETITION, AND INNOVATION › Subchapter III— NATIONAL SCIENCE FOUNDATION FOR THE FUTURE › Part D— NSF Research Security › § 19037

Last updated Apr 5, 2026|Official source

Summary

The Director must hire an independent group to create a Research Security and Integrity Information Sharing Analysis Organization (RSI-ISAO). The RSI-ISAO must include members from colleges, nonprofit research centers, and small and medium-sized businesses. It will collect and share information to help the research community spot and respond to improper or illegal attempts by foreign actors to take research, know-how, materials, or intellectual property. It will also make risk-assessment tools and best practices, share threat alerts and lessons learned, give timely reports and training (like webinars), gather and analyze incident data, spot patterns and bad actors, and take other steps to improve research security. The Foundation can give startup money, but the RSI-ISAO should charge members yearly fees on a sliding scale based on research and development spending to cover costs and plan to operate without federal money. It may set up a board with diverse research stakeholders. The Director must get community input by holding workshops or publishing the planned services and membership rules and taking public comments for at least 60 days.

Full Legal Text

Title 42, §19037

The Public Health and Welfare — Source: USLM XML via OLRC

(a)The Director shall enter into an agreement with a qualified independent organization to establish a research security and integrity information sharing analysis organization (referred to in this section as the “RSI-ISAO”), which shall include members described in subsection (d) and carry out the duties described in subsection (b).

(b)The RSI-ISAO shall—

(1)serve as a clearinghouse for information to help enable the members and other entities in the research community to understand the context of their research and identify improper or illegal efforts by foreign entities to obtain research results, know how, materials, and intellectual property;

(2)develop a set of standard risk assessment frameworks and best practices, relevant to the research community, to assess research security risks in different contexts;

(3)share information concerning security threats and lessons learned from protection and response efforts through forums and other forms of communication;

(4)provide timely reports on research security risks to provide situational awareness tailored to the research and STEM education community;

(5)provide training and support, including through webinars, for relevant faculty and staff employed by institutions of higher education on topics relevant to research security risks and response;

(6)enable standardized information gathering and data compilation, storage, and analysis for compiled incident reports;

(7)support analysis of patterns of risk and identification of bad actors and enhance the ability of members to prevent and respond to research security risks; and

(8)take other appropriate steps to enhance research security.

(c)The Foundation may provide initial funds toward the RSI-ISAO but shall seek to have the fees authorized in subsection (d)(2) cover the costs of operations at the earliest practicable time.

(d)(1)The RSI-ISAO shall serve and include members representing institutions of higher education, nonprofit research institutions, and small and medium-sized businesses.

(2)As soon as practicable, members of the RSI-ISAO shall be charged an annual rate to enable the RSI-ISAO to cover its costs. Rates shall be set on a sliding scale based on research and development expenditures to ensure that membership is accessible to a diverse community of stakeholders and ensure broad participation. The RSI-ISAO shall develop a plan to sustain the RSI-ISAO without Federal funding, as practicable.

(e)The RSI-ISAO may establish a board of directors to provide guidance for policies, legal issues, and plans and strategies of the entity’s operations. The board shall include a diverse group of stakeholders representing the research community, including academia, industry, and experienced research security administrators.

(f)In establishing the RSI-ISAO under this section, the Director shall take necessary steps to ensure the services provided are aligned with the needs of the research community, including by—

(1)convening a series of workshops or other multi-stakeholder events; or

(2)publishing a description of the services the RSI-ISAO intends to provide and the requirements for membership in the Federal Register and provide an opportunity for submission of public comments for a period of not less than 60 days.

Reference

Citations & Metadata

Citation

42 U.S.C. § 19037

Title 42 — The Public Health and Welfare

Last Updated

Apr 5, 2026

Release point: 119-73not60