Research Security and Compliance (RSC) is about protecting the integrity, confidentiality and value of research. RSC ensures the people, ideas, data and technologies involved in research are safe from theft, misuse or interference – whether that’s from cyber threats, insider risks or even foreign influence.  

RSC’s purpose is to create a secure environment where researchers can collaborate, innovate and share knowledge responsibly, including:  

  • Protecting sensitive data like proprietary findings, export-controlled information and Controlled Unclassified Information;
  • Ensuring compliance with laws and funding agency requirements;
  • Safeguarding intellectual property;
  • Preventing malign foreign influence or espionage.

Two Types of Research

There are two types of research conducted through the University may be classified as. Each type of research has different security and compliance regulations.

Fundamental Research

Fundamental Research is research in basic or applied science and engineering where the resulting information is intended to be published. Note, the legal definition of Fundamental Research differs from the more widely accepted and known definition used within the scientific community.  

University research will not be considered Fundamental if:  

  • Ë¿¹ÏÊÓƵ, or its researchers, accept restrictions on publication of scientific and technical information resulting from the project activity; or  
  • The research has specific access and dissemination controls preventing access based on citizenship or nationality.  

Fundamental Research does not apply to equipment, software or technology used to conduct research, or tangible items that result from research.

Controlled Research

If research is not Fundamental Research, it will be considered Controlled Research and will be subject to US export control regulations. Contact the RSC team for guidance on including a Fundamental Research statement in your proposal and addressing restrictive clauses.  

Indicators of Controlled Research will likely include mentions of the following:

  • Export Controlled
  • International Traffic in Arms Regulation (ITAR)
  • Export Administration Regulations (EAR)
  • Controlled Unclassified Information (CUI)
  • Covered Defense Information (CDI)
  • Controlled Technical Information (CTI)
  • Cybersecurity Maturity Model Certification (CMMC)
  • NIST 800-171
  • DFARS
  • Distribution Statement

Proactively reaching out to the RSC team early in the solicitation/proposal process can save you time and money. Controlled Research has unique funding requirements and RSC is here to help. 

Contact the RSC team by emailing Joe Fleri, Director for Research Security and Compliance, at jfleri@umsystem.edu

International Activities Disclosures

Ë¿¹ÏÊÓƵ of Missouri values international collaborations and recognizes that such collaborations are integral to fulfilling our mission as a public, land-grant university. It is also important the University of Missouri investigators be open and fully transparent about their foreign relationships and activities.

Federal funding agencies are prohibited from issuing funding to faculty engaged in a Malign Foreign Talent Recruitment Program. As such, the University prohibits participation in a Malign Foreign Talent Recruitment for all employees. For more information, please see CRR 330.120.

Additional Malign Foreign Talent Information and Resources

Individuals who are current parties to a Malign Foreign Talent Recruitment Program are not eligible to serve as a senior/key person on an NSF proposal or on any NSF award made after March 25, 2024.  

A certification will be included on the ePSRS sent by your grant support personnel. For additional resources, email exportcontrols@missouri.edu or call 573-884-9954.

Additional federal guidance on what constitutes a Malign Foreign Talent Recruitment Program and types of activities that do not constitute participation in such programs can be found at the Guidelines for Federal Research Agencies Regarding Foreign Talent Recruitment Programs (Archive, PDF)

Campus International Disclosure Guidance

International Travel

International travel has many benefits, but also involves some degree of risk, especially regarding device and data security. Have no expectation of privacy when traveling abroad, especially on electronic devices. 

The UM System Information Technology Security Office has developed guidance and resources to assist university travelers. Travel with university-provided electronic devices to sanctioned destinations (Cuba, Iran, North Korea, Syria, or the Crimea, Donetsk, or Luhansk regions of Ukraine) is not permitted without authorization from Research Security and Compliance.

Before your trip, review the to find information about any travel advisories, identify the closest U.S. embassy and learn additional information about the country where you are traveling.  

Export Controls and Sanctions

View the .

There are a variety of laws (e.g., the Arms Control Act of 1976 and the Export Control Reform Act of 2018) that have empowered various federal agencies to implement regulations which outline how exports from the United States must be performed. They are focused on the export of items, technology and software that have either a purely military purpose or have both a military and commercial application.  

An export is the 'transfer or release' of a 'controlled item, technology, or service' to a 'foreign person or destination'. If any of these three elements is missing, an export has not occurred. 

graphic depicting the definition of an export: Controlled item, technology or service plus transfer or release plus foreign person or destination equals export

While universities transfer and release technology to foreign persons regularly, we do not often work with controlled technology. However, the transfer of certain physical items, software and technology outside of the United States or to foreign persons inside the United States are exports that need to be managed according to these regulations.

Sanctions regulations are established by the Department of the Treasury, Office of Foreign Assets Control (OFAC) and cover the transfer of goods and services from and to

  • People and organizations located in comprehensively sanctioned destinations; and
  • People and organizations subject to sectoral or targeted sanctions.

Currently, comprehensively sanctioned destinations are Cuba, Iran, North Korea, and the Crimea, Donetsk and Luhansk regions of Ukraine.

Interactions with a sanctioned party may require governmental approval. Important policies and procedures related to export controls and sanctions are below:

Campus Export Control and Sanction Guidance

Classified Research

Ë¿¹ÏÊÓƵ of the University of Missouri and selected subsidiaries maintain a security agreement with the Department of Defense to have access to information that has been classified because it would damage national security if improperly released.

The programs and activities at the University of Missouri and approved subsidiaries which require access to classified information are vital parts of the defense and security systems of the United States. Ë¿¹ÏÊÓƵ of Missouri fully supports the National Industrial Security Program (NISP) and understands its obligation to implement security practices that contribute to the security of classified defense information.

Critical and Emerging Technologies List

The Critical and Emerging Technologies List (Archive, PDF) is a strategic document issued by the U.S. government to identify technologies that are vital to national security, economic prosperity, and global competitiveness. The list is curated by the National Science and Technology Council (NSTC) and coordinated through the White House Office of Science and Technology Policy (OSTP). The Research Security and Compliance has created a truncated version of the OSTP document (Archive, PDF) which contains only the listed technologies.  

Learn more about research data security best practices.