Research Security Training
Research Compliance
The Research Security Training provides information on risks and threats to the global research ecosystem — and the knowledge and tools necessary to protect against these risks. The training discusses the key concepts of research security, disclosure, risk management and mitigation, and international collaboration.
Training and Certification Requirements
Funding agencies may have specific training requirements (see your agency's policies for details).
Department of Energy (DOE)
As of May 1, 2025 covered individuals on Research and Development (R&D) projects must have completed research training within the last 12 months immediately preceding the proposal/application submission date. This training requirement also applies to award subrecipients who must complete the training within 30 calendar days of an individual joining a DOE sponsored project.
National Science Foundation (NSF)
As of October 10, 2025 NSF requires all Principal Investigators (PIs)/proposers and individuals identified as senior/key personnel to complete research security training prior to the submission of a proposal. NSF proposals submitted before October 10, 2025 do not need to complete the training before submission.
US Department of Agriculture (USDA)
As of October 10, 2025 all senior/key personnel participating on new USDA project proposals to complete a research security training course within the last 12 months before a proposal can be submitted to the agency. USDA also requires each project member to complete the research security training within 60 days of appointment to the project.
National Institutes of Health (NIH)
Starting May 25, 2026 NIH will require PIs/proposers and individuals identified as senior/key personnel to complete research security training prior to the submission of a proposal. The training is optional for proposals submitted before May 25, 2026.
All WWU PIs and individuals identified senior/key personnel as must have completed the CITI Research Security course in the last 12-months at the time the Proposal Routing Form (PRF) is initiated for an NSF or NIH projects after the above dates. PIs must attach valid Research Security course completion certificates to the PRF. The PI and senior/key personnel are responsible for ensuring their certification is up-to-date and current throughout the duration of the research project.
National Aeronautics and Space Administration (NASA)
Beginning August 5, 2026, any Principal Investigator (PI) (regardless of level of effort), any CoPI (regardless of level of effort), and only Co-Investigators proposing to spend ten percent or more of their time in any given year on a NASA-funded award will be required to certify that they have completed research security training within the last year. Any covered individual that joins a NASA-funded project after an award has been issued shall also submit biographical sketch and current and pending (other) support forms and attest that they have taken the requisite research security training.
Department of Defense (DOD)
No clear DoD-wide timeline has been issued regarding completion of the training for DoD-sponsored project, but WWU asks that PIs complete research security training in advance of submitting all DoD proposals to be in compliance when DoD officially requires proof of training.
Frequently Asked Questions
Updated 3/31/2026
NSF, NASA, and NIH
For NSF and NIH* the following individuals must complete research security training in the 12-months prior to submission:
- PI
- Senior/key personnel (for definition of "senior/key personnel" see NSF Proposal & Award Policies and Procedures Guide (PAPPG)
NASA** proposals require the following individuals complete the training within 12-months prior to submission:
- Any PI regardless of level of effort
- CoPI regardless of level of effort
- Only Co-Investigators proposing to spend ten percent or more of their time in any given year on a NASA-funded award
*NIH requirement in effect for proposals submitted on or after 5/25/2026
**NASA requirement in effect for proposals submitted on or after 8/5/2026
USDA
The recipient of a research award, whether an institution or individual, must certify that each individual employed by the recipient to work on the award has completed research security training and must recertify annually for the duration of the award.
DOE
Covered individuals: an individual who
a. contributes in a substantive, meaningful way to the development or execution of the scope of work of a project funded by DOE or proposed for funding by DOE, and
b. is designated as a covered individual by DOE. At a minimum, DOE designates as covered individuals any principal investigator (PI); project director (PD); co-principal investigator (Co-PI); co-project director (Co-PD); project manager; and any individual regardless of title that is functionally performing as a PI, PD, Co-PI, Co-PD, or project manager.
DOE departmental elements will often expand this list of designated roles, as specified in the applicable Notice of Funding Opportunity (NOFO) and/or terms and conditions of the Federal financial assistance award. Status as a consultant, graduate (master’s or PhD) student, or postdoctoral associate does not automatically disqualify a person from being designated as a “covered individual” if they meet the definition in (a) above.
For NSF, USDA, DOE, and DOD proposals: The training must be completed before the proposal is submitted to the agency. A valid training certificate(s) (no older than 12-months) must be attached to the Proposal Routing Form (PRF) at form initiation.
For NIH proposals submitted on or after May 25, 2026: The training must be completed before the proposal is submitted to the agency. A valid training certificate(s) (no older than 12-months) must be attached to the Proposal Routing Form (PRF) at form initiation.
For NASA proposals submitted on or after August 5, 2026: The training must be completed before the proposal is submitted to the agency. A valid training certificate(s) (no older than 12-months) must be attached to the Proposal Routing Form (PRF) at form initiation.
WWU has partnered with the Collaborative Institutional Training Initiative (CITI) to provide a free online regulatory training course in Research Security for our researchers.
The course we accept is called "Research Security Training (Combined)." The CITI program also offers a "Refresher" course for those who have previously taken the "Basic" course. A refresher course is required every 12 months.
If you have completed this training with another institution, affiliate your profile with WWU to document it.
The CITI Responsible Conduct of Research training is not the same as Research Security training.
If your proposal submission deadline is before May 25, 2026, research security training is not required at time of submission.
If your proposal submission deadline is before August 5, 2026, research security training is not required at time of submission.
Satisfying the Training Requirement
Refer to How to Register for CITI Trainings Instructions for a detailed explanation.
Updated 2/6/2026
NSF, NIH, and NASA Projects: No, currently a valid certificate is only required for submission.
- Note: The Research Security Refresher course is not currently in the WWU curriculum for user access. It will be available summer 2026. Questions about the refresher requirement(s) should be directed to researchintegrity@wwu.edu.
Review the Adding a CITI Course page for instructions (screenshots included).
In many cases, yes. The steps on the How to Register for CITI Trainings page will assist you if you have mistakenly chosen the wrong institution, your institution has changed, or you have an affiliation with more than one institution and need to transfer module completion credit.
If you would like to receive credit for modules previously taken, the certain requirements must be met.
Refer to instructions on the How to Access CITI Course Completion Certificates page.
Reminder! Make sure to save your Completion Certificate(s) as a PDF. We do not accept other formats.
Completion certificates should be attached to the PRF for your project.
Not sure how to attach a PDF to an eSign form? Check out EAS' FAQ that includes how to attach documents to an eSign form.
Refer to instructions on the How to Access CITI Course Completion Certificates page.
Reminder! Make sure to save your Completion Certificate(s) as a PDF. We do not accept other formats.
More Details about Agency Requirements
In accordance with Section 10634 of the CHIPS and Science Act of 2022 (42 U.S.C. § 19234), each individual identified as a senior/key person must certify that they have completed the requisite research security training that meets the requirements specified in Item 2 of NSF's Important Notice No. 149 Updates to Research Security Policies dated within 12 months prior to proposal submission.
Updated 12/5/2025
Research security training is not required for NIH proposal submissions until May 25, 2026. WWU Research Compliance staff will continue to monitor NIH notices, and we will update researchers if there are updates for NIH projects.
- 12/2/2025 notice "Research Security Training Requirements for NIH" (NOT-OD-26-017) sets requirement date as May 25, 2026.
- 9/11/2025 notice "Implementation of NIH Research Security Policies" (NOT-OD-25-154) was rescinded on 9/29/2025 with "Update: Recission Notice re: Implementation of NIH Research Security Policies" (NOT-OD-25-161).
Updated 2/6/2026
Research security training is not required for NASA proposal submissions until August 5, 2026. WWU Research Compliance staff will continue to monitor NIH notices, and we will update researchers if there are updates for NASA projects.
- 2/5/2026 notice "Research Security Training Requirements" (GIC 26-02) sets requirement date as August 6, 2026.
Updated 3/31/2026
No DOD-wide timeline has been issued regarding completion of the training for DOD-sponsored project. However, researchers should carefully read through proposal guidelines to identify training requirements until such time that DOD implements agency-wide requirements.
DOD has issued the “2065 DoD Component Decision Matrix to Inform Fundamental Research Proposal Mitigation Decisions” to assist DoD component agencies in their efforts to review research proposals for potential conflicts of interest and conflicts of commitment.
Updated 3/31/2026
Yes, research and development (R&D) projects have a research security training requirement for covered individuals.*
Within the 12 months prior to the application covered individuals must:
- Complete research security training.
- Certify that you have completed the training (via Current and Pending Support disclosure certification)”
*covered individuals: an individual who
a. contributes in a substantive, meaningful way to the development or execution of the scope of work of a project funded by DOE or proposed for funding by DOE, and
b. is designated as a covered individual by DOE. At a minimum, DOE designates as covered individuals any principal investigator (PI); project director (PD); co-principal investigator (Co-PI); co-project director (Co-PD); project manager; and any individual regardless of title that is functionally performing as a PI, PD, Co-PI, Co-PD, or project manager.
DOE departmental elements will often expand this list of designated roles, as specified in the applicable Notice of Funding Opportunity (NOFO) and/or terms and conditions of the Federal financial assistance award. Status as a consultant, graduate (master’s or PhD) student, or postdoctoral associate does not automatically disqualify a person from being designated as a “covered individual” if they meet the definition in (a) above.
- 10/7/2024 Financial Assistance Letter "Research Security Training Requirements for all R&D Financial Assistance Awards"
The recipient of a research award, whether an institution or individual, must certify that each individual employed by the recipient to work on the award has completed research security training (RST) and must recertify annually for the duration of the award. RST must have been completed either at the time of application, where applicable, or within the 12-month period immediately preceding the commencement of work on the award.
How do I find the correct course for the Research Security requirement?
You can add the Research Security course to your WWU affiliated CITI account using our Add a CITI Course instructions (includes screenshots specifically for Research Security course).