Strategic Planning for Advancing Research Compliance
Developing a practical Research Security Planning Framework to help small-to-mid-sized colleges and community colleges meet evolving federal research security requirements.
A Widening Compliance Divide in American Higher Education
The American research enterprise depends not only on large, research-intensive universities but also on a broad network of smaller colleges and community colleges that collectively confer over one-third of all undergraduate STEM degrees and administer more than $2.5 billion in federally funded research each year.
Yet federal mandates such as NSPM-33 and NIST SP 800-171 were designed with the operational capacity of R1 institutions in mind. Small-to-mid-sized institutions face a growing "compliance desert" where they bear the same legal and financial risks but lack the dedicated personnel, technical infrastructure, and administrative resources to meet these requirements.
SPARC directly addresses this challenge by developing a scalable, context-sensitive Research Security Planning Framework tailored to the realities of under-resourced campuses.
"The current research security regime risks producing a two-class system in U.S. higher education: one in which secure, compliant research is the privilege of well-resourced institutions."
— SPARC Field Scan Report, January 2026
An Integrated Theoretical Framework
SPARC synthesizes three established frameworks to guide the development of a Research Security Planning Framework that is both technically sound and institutionally adaptable.
NIST Cybersecurity Framework
Defines security outcomes through five core functions: Identify, Protect, Detect, Respond, and Recover. Complemented by NIST SP 800-171 for safeguarding Controlled Unclassified Information.
Organizational Change Theory
Schein's model examines how internal structures, leadership behaviors, and cultural factors influence institutional responses to research security requirements.
Diffusion of Innovation
Rogers' theory guides evaluation of how proposed practices are perceived in terms of relative advantage, compatibility, complexity, trialability, and observability.
Published Deliverables
Phase I of the SPARC project has produced three foundational research reports that map the national research security landscape and identify critical gaps in institutional preparedness.
Field Scan Report
CompletedA comprehensive, multi-method assessment of the research security landscape across 46 U.S. higher education institutions, revealing a stark compliance divide between Tier 1 and Tier 2 institutions.
Read moreSystematic Literature Review
CompletedAn exhaustive review of scholarly and policy literature from 2010 to 2025, documenting the near-total absence of empirical research on research security at small-to-mid-sized institutions.
Read moreComparative Policy Analysis
CompletedA detailed analysis of research compliance and security policies across 50+ U.S. academic institutions, revealing a strong correlation between R&D expenditure and security framework sophistication.
Read moreA 24-Month Phased Approach
SPARC employs a "research-on-research" design organized into four sequential six-month phases, each producing targeted empirical deliverables.
National Landscape Scan
Environmental scan, literature review, social media analysis, and policy mapping across the research security landscape.
CompletedInstitutional Case Studies
IRB-approved qualitative research at 3-5 case study institutions through semi-structured interviews and document analysis.
In ProgressTWG Convenings
Technical Working Group synthesis sessions to co-design preliminary RSPF components with national experts.
Framework Finalization
Usability testing, iterative refinement, and finalization of the Research Security Planning Framework.
Core Research Questions
What are the most significant research security risks and constraints currently experienced by under-resourced academic institutions?
How are these institutions interpreting and operationalizing evolving federal and state research security mandates (e.g., NSPM-33, NIST SP 800-171)?
What institutional strengths, values, and emergent practices can be identified and leveraged to support a resilient and context-sensitive approach to research security?
What essential components must a modular, scalable, and implementable RSPF include in order to be effective in under-resourced academic environments?
Building a More Resilient Research Enterprise
The SPARC project is committed to open-access dissemination. All materials will be released under a Creative Commons license to encourage reuse and local adaptation by institutions nationwide.