§19037. Research security and integrity information sharing analysis organization
(a) Establishment
The Director shall enter into an agreement with a qualified independent organization to establish a research security and integrity information sharing analysis organization (referred to in this section as the "RSI-ISAO"), which shall include members described in subsection (d) and carry out the duties described in subsection (b).
(b) Duties
The RSI-ISAO shall-
(1) serve as a clearinghouse for information to help enable the members and other entities in the research community to understand the context of their research and identify improper or illegal efforts by foreign entities to obtain research results, know how, materials, and intellectual property;
(2) develop a set of standard risk assessment frameworks and best practices, relevant to the research community, to assess research security risks in different contexts;
(3) share information concerning security threats and lessons learned from protection and response efforts through forums and other forms of communication;
(4) provide timely reports on research security risks to provide situational awareness tailored to the research and STEM education community;
(5) provide training and support, including through webinars, for relevant faculty and staff employed by institutions of higher education on topics relevant to research security risks and response;
(6) enable standardized information gathering and data compilation, storage, and analysis for compiled incident reports;
(7) support analysis of patterns of risk and identification of bad actors and enhance the ability of members to prevent and respond to research security risks; and
(8) take other appropriate steps to enhance research security.
(c) Funding
The Foundation may provide initial funds toward the RSI-ISAO but shall seek to have the fees authorized in subsection (d)(2) cover the costs of operations at the earliest practicable time.
(d) Membership
(1) In general
The RSI-ISAO shall serve and include members representing institutions of higher education, nonprofit research institutions, and small and medium-sized businesses.
(2) Fees
As soon as practicable, members of the RSI-ISAO shall be charged an annual rate to enable the RSI-ISAO to cover its costs. Rates shall be set on a sliding scale based on research and development expenditures to ensure that membership is accessible to a diverse community of stakeholders and ensure broad participation. The RSI-ISAO shall develop a plan to sustain the RSI-ISAO without Federal funding, as practicable.
(e) Board of directors
The RSI-ISAO may establish a board of directors to provide guidance for policies, legal issues, and plans and strategies of the entity's operations. The board shall include a diverse group of stakeholders representing the research community, including academia, industry, and experienced research security administrators.
(f) Stakeholder engagement
In establishing the RSI-ISAO under this section, the Director shall take necessary steps to ensure the services provided are aligned with the needs of the research community, including by-
(1) convening a series of workshops or other multi-stakeholder events; or
(2) publishing a description of the services the RSI-ISAO intends to provide and the requirements for membership in the Federal Register and provide an opportunity for submission of public comments for a period of not less than 60 days.
(