Home | Research Security Program

Research Security Program

Stony Brook University (SBU) remains committed to the principles of academic freedom and the open exchange of knowledge, which serve as the bedrock of research and scholarship. Our faculty, staff. and students are encouraged to participate in international research activities, as these may promote the creation of knowledge and enrich learning experiences. In addition, such international research activities (both funded and unfunded) should be reviewed and conducted in a manner consistent with applicable requirements, including those of federal and state agencies, as well as SBU's own policies.

SBU Policy International Engagements

Request a Research Security Review (NetID login required)

What is Research Security?

There are three main areas of importance related to international research activities and research security.

Disclosure of external relationships, both domestic and international. These relationships must be transparent and disclosed in accordance with applicable federal sponsor agency guidance/policies and SBU policy/procedures.
Protection of intellectual property, research data, and materials, i.e., cybersecurity, physical security, review of international relationships and higher risk activities, use of appropriate agreements (e.g., material transfer, confidentiality, collaboration, data-use, visitor scientists) when engaging in international research activities.
Compliance with export controls, i.e., disclosure, shipment, use, transfer, or transmission of any item, commodity, material, technical information, technology, software, or encrypted software for the benefit of a foreign person or foreign entity anywhere (including the transfer of controlled information within the U.S. “deemed export”); transaction and the provision of services involving prohibited countries, persons or entities based on trade sanctions, embargoes and travel restrictions; and certain transactions with persons or entities designated on a restricted party list.

Where can you get assistance with Research Security?

The Research Security Program team can provide support with any of the following issues:

Disclosure of foreign collaborations and relationship
International travel
Hosting visiting researchers on campus
Foreign government talent recruitment programs (international appointments)
Review international research activities to assess risk from undue foreign influence
Guidance on federal sponsor risk review processes/policies

How can you request a review of an international activity?

The Research Security Program team has created forms for easy submission of review requests.

REQUEST A RESEARCH SECURITY REVIEW - NETID LOGIN REQUIRED

Are there training requirements for research security?

The Research Security Program strongly encourages completion of the National Science Foundation's Research Security Training in the Collaborative Institutional Training (CITI)* software - note that these modules are required by some sponsors.

The training consists of four modules. 1. What is Research Security, 2. Disclosure, 3. Manage and Mitigate Risk, and 4. International Collaboration.

IMPORTANT: Complete this training in CITI * to create an institutional record of completed training.

*CITI is available to all SBU faculty, staff and students - Use the Log In Through My Organization option and use your NetID and password. Directions: Select "Add a Course", then "I want to complete the Research Security Course at this time", then "Research Security Training", select "Next". You will then have the option of viewing any or all four modules, completion of the modules will be recorded in CITI.

Resources and Guidance for Research Security

Research Security Program Newsletters and Campus Correspondence

The Research Security Program disseminates important information and updates from the federal government and federal sponsor agencies through newsletters and campus correspondence. Newsletters and Campus Correspondence are available here.

Research Security Overview, Concepts, and Guidance

Below is an overview of research security along with general information, concepts and links to additional information, training, and resources. Faculty, staff, and students who conduct or participate in international activities must be familiar with the information provided in these pages. Questions, contact the Research Security Program

Disclosure of External Relationships

Researchers have an obligation to disclose all external relationships - both domestic and international - in a manner that is consistent with applicable requirements, including federal and state laws, regulations, and agency guidance, as well as the university's own policies and procedures.

Disclosure of External Interests and Commitments Policy

Individual (researchers, faculty, and staff) have an obligation to avoid conflicts of interest and commitment when carrying out their external and University education, research, scholarship, or service responsibilities. This includes activities over summer and winter break months. These external activities must be reported in myResearch Conflict of Interest in an individual's Disclosure Profile.

For additional information and resources, see the University Disclosure Requirements website.
Researchers are required to appropriately disclose all activities, including all international relationships, activities and components, in accordance with their federal sponsor's guidance and policies*.

Resources and guidance on federal sponsor disclosure requirements can be found here.

*Federal sponsors continue to have varying disclosure requirements for the Current and Pending (Other) Support and Biographical Sketch.
Gifts may be in the form of donations of money, property, or resources with no clear expectation of direct benefit to the donor.

All gifts to SBU should be reported to ensure proper review, management, and reporting.
- Gift Policies, Stony Brook Foundation
- Gifts for Research, Office of the Vice-President for Research
Research reporting requirements of gifts and federally sponsored projects:
- If gift funds are used to support sponsored research there may be additional reporting to the research sponsor (e.g. disclosure of other support).
SBU institutional reporting requirements of foreign gifts:
- Disclose semi-annually to the U.S. Department of Education specific financial transactions pursuant to Section 117.
- Disclose annually to the National Science Foundation specific financial transactions pursuant to the CHIPS ad Science Act of 2022.

Protection of Intellectual Property, Research Data, and Materials

Researchers, as stewards of their data, have an obligation to protect their data in accordance with all applicable policies. This includes institutional policies, sponsor policies, and any terms and conditions accepted in an agreement.

SBU Cybersecurity Policies

Sensitive Information Classification Policy

Data Classification Security Standards
- Faculty, staff, and students are required to comply with SBU cybersecurity and data security policies.
- Researchers (both funded and unfunded) may have additional laws and/or regulations that oversee the data security requirements of a category of data.
- Researchers may have additional cybersecurity laws and/or regulations that are required for the conduct of their projects. (See Federal Awards and Protection Standards below)
Read more about cybersecurity.
SBU does not conduct or accept classified research or controlled unclassified information (CUI).

Controlled Unclassified Information (CUI) is information the Government creates or possesses, or that an entity creates or possesses for or on behalf of the Government, that requires safeguarding or dissemination controls consistent with applicable laws, regulations, and Government-wide policies but is not classified under Executive Order 13556 “Classified National Security Information” or the Atomic Energy Act, as amended.

Contact the Research Security Program if you have questions regarding CUI for research.
SBU cannot accept or store data subject to the GDPR or other similar data protection laws.

The General Data Protection Regulation (GDPR) is a regulation in European Union law on data protection and privacy concerning the processing by an individual, a company or an organization (including SBU) of personal data relating to individuals in the European Union and European Economic Area.

Many other countries have similar types of laws.

Review Data Use Agreements for the appropriate contact area.
Certain categories of research data require increased security measures.

Researchers working with and/or creating such research data must also comply all applicable regulations and laws and sponsor policies.

Read more about data security and data categories.
Federal sponsor awards, particularly contracts and sub-contracts, include cybersecurity and data protection standards.

These standards include:
- IT and physical security requirements and/or
- Prohibitions on vendors, software, hardware, and/or social media applications.
Careful consideration should be given to the level of physical security that is needed to protect equipment, materials, and research data.

Environmental Health & Safety has established baseline requirements for lab security based on risk factors.

Contact the Research Security Program if you are contemplating research with increased physical security requirements or are purchasing export controlled items.
Transfer of data, and materials to other researcher and labs must follow all applicable laws, regulations, contractual obligations and SBU policies.

Some common types of agreements are:
- Data Use Agreements
- Sponsored Research Agreements (including unfunded Collaboration Agreements)
- Material Transfer Agreements
- Intellectual Property License Agreements
- Non-Disclosure Agreements
Who can sign agreements?

Check to see what office is authorized to sign an agreement.
SUNY Patents, Inventions and Copyright Policy

Researchers are required to disclose:
- Intellectual property as required to sponsors.
- Any potential inventions or other intellectual property to Intellectual Property Partners (IPP).
Resources and guidance on intellectual property protection.

Higher Risk Activities (from the U.S. Government)

The U.S. federal government has identified certain parties, countries, and areas of research that require additional due diligence when engaging in international activities. These are Restricted Parties, Countries of Concern, Foreign Talent Recruitment Programs, and Critical and Emerging Technologies.

The U.S. government maintains lists of entities and persons who are restricted and/or denied certain transactions. This includes the recent "1286 List" - Restricted Party Overview

All foreign person and entities must be screened for inclusion on any of these lists prior to engaging in activities.

How to conduct a restricted party screening using Descartes Visual Compliance software

Any activities with a Restricted Party must be reviewed by the Research Security Program.
Countries of Concern: China, Iran, Russia, and North Korea.

Recognized as countries of concern by many federal agencies and sponsors. Activities that include these countries have additional risks and must be reviewed by the Research Security Program.

June 2023, the U.S. Department of Defense issued "Countering Unwanted Foreign Influence in Department-Funded Research at Institutions of Higher Education".
Faculty and other key personnel on federally funded research awards should understand the definitions of Foreign Talent Recruitment Programs (FTRP) and Malign Foreign Talent Recruitment Programs (MFTRP) and federal sponsor restrictions on MFTRPs.

Many federal sponsors now require certification that faculty and other key personnel are not participating in a MFTRP.

Is My Talent Program Malign?

Resources and guidance on FTRPs and MFTRPs can be found here.
The federal government maintains a list of critical and emerging technologies that are potentially significant to U.S. national security. Researchers contemplating a research activity with an international partner in one of these areas should contact the Research Security Program.

Federal Resource: Critical and Emerging Technologies List Update (February 2024); Fast Track Action Subcommittee on Critical and Emerging Technologies of the National Science and Technology Council

Compliance with Export Controls

Researchers have an obligation to be aware of export restrictions applicable to any ideas, information or equipment they intend to share with international collaborators, whether they are overseas or visiting the U.S.

Export control assistance:
Export control overview:

Export controls are a body of federal regulations that regulate:
- Disclosure, shipment, use, transfer, or transmission of any item, commodity, material, technical information, technology, software, or encrypted software for the benefit of a foreign person or foreign entity anywhere (including the transfer of controlled information within the U.S. “deemed export”);
- Transactions and the provision of services involving prohibited countries, persons or entities based on trade sanctions, embargoes and travel restrictions.

Policies and Guidance

The U.S. federal government has issued requirements and guidance for Research Security Programs.

Current and historical information is available here.
Many campus policies are related to an effective research security program. These policies are discussed and referenced throughout these pages.

Related SBU Campus Policies

SBU Policy Website

Assess and Mitigate Risk in International Activities

Below is general guidance for assessing and mitigating risk in international activities.

For informal international engagements that include high-risk activities and do not require prior approval by an administrative office (e.g., shipments, P-card purchases, collaborations, co-authorship) the faculty or staff member engaging in the activity should submit a request for review.

For formal international engagements, activities that include high-risk activities and require prior approval by an administrative University office (e.g., sponsoring international visiting scholars, international travel, sabbatical leave, Title F leave, appointments at foreign and domestic institutions, outside consulting, externally funded research, human subjects research), either the administrative office or the faculty or staff member could submit a request for a review/consultation.

Professional Activities Professional Activities Risk Considerations Examples: Conference, meeting, or seminar (attend and/or present). Sabbatical leave, Title F leave, appointments paid or unpaid) at foreign institutions, outside consulting, unfunded research projects, and/or scholarship.
	International Collaborations International Collaboration Risk Considerations Examples: Funded and unfunded collaborations. Sharing of materials, resources, equipment, and/or visitors. Joint publications and/or conference presentations.
International Travel Security International Travel Risk Considerations Examples: Data and electronic device security. Hand-carry/ship items that are or may be export-controlled. Travel to high-risk or embargoed sanctioned countries.
	International Visitors International Visitor Risk Considerations Examples: Visiting scholars, collaborators, consultants, delegations, laboratory visits/tours, conference, seminar, or lecture participants or attendees, and volunteers.
Awareness and Training Awareness and Training Resources/Materials Awareness and training resources to assist SBU faculty, staff, and students in understanding how to practice research security.
	Federal Sponsor Risk Reviews Federal Sponsor Risk Reviews Federal agencies have implemented a variety of policies and processes to counter undue foreign influence, including risk reviews for fundamental research projects.