NSF 17-528: Cybersecurity Innovation for Cyberinfrastructure (CICI)

Program Solicitation

Program Solicitation NSF 17-528

National Science Foundation Directorate for Computer & Information Science & Engineering      Division of Advanced Cyberinfrastructure

Full Proposal Deadline(s) (due by 5 p.m. submitter's local time):

     March 01, 2017

Important Information And Revision Notes

This solicitation updates the Cybersecurity Innovation for Cyberinfrastructure (CICI) solicitation NSF 16-533, issued January 20, 2016. The CICI program continues to support the goal of a secure scientific workflow. The current solicitation:

• Adds a new Program Area, Cybersecurity Enhancement;
• Removes the Regional Cybersecurity Collaboration Program Area; and
• Renames the Secure and Resilient Architecture Program Area to Resilient Security Architecture for Research Cyberinfrastructure.

Any proposal submitted in response to this solicitation should be submitted in accordance with the revised NSF Proposal & Award Policies & Procedures Guide (PAPPG) (NSF 17-1), which is effective for proposals submitted, or due, on or after January 30, 2017. Please be advised that proposers who opt to submit prior to January 30, 2017, must also follow the guidelines contained in NSF 17-1.

Summary Of Program Requirements

General Information

Program Title:

Cybersecurity Innovation for Cyberinfrastructure (CICI)

Synopsis of Program:

Advancements in data-driven scientific research depend on trustworthy and reliable cyberinfrastructure. Researchers rely on a variety of networked technologies and software tools to achieve their scientific goals. These may include local or remote instruments, wireless sensors, software programs, operating systems, database servers, high-performance computing, large-scale storage, and other critical infrastructure connected by high-speed networking. This complex, distributed, interconnected global cyberinfrastructure ecosystem presents unique cybersecurity challenges. NSF-funded scientific instruments, sensors and equipment are specialized, highly-visible assets that present attractive targets for both unintentional errors and malicious activity; untrustworthy software or a loss of integrity of the data collected by a scientific instrument may mean corrupt, skewed or incomplete results. Furthermore, often data-driven research, e.g., in the medical field or in the social sciences, requires access to private information, and exposure of such data may cause financial, reputational and/or other damage.

Therefore, an increasing area of focus for NSF is the development and deployment of hardware and software technologies and techniques to protect research cyberinfrastructure across every stage of the scientific workflow.

Cognizant Program Officer(s):

Please note that the following information is current at the time of publishing. See program website for any updates to the points of contact.

• Anita Nikolich, Program Director, CISE/ACI, telephone: (703) 292-4551, email: anikolic@nsf.gov

• Kevin Thompson, Program Director, CISE/ACI, telephone: 703-292-4220, email: kthompso@nsf.gov

Applicable Catalog of Federal Domestic Assistance (CFDA) Number(s):

• 47.070 --- Computer and Information Science and Engineering

Award Information

Anticipated Type of Award: Standard Grant or Continuing Grant

Estimated Number of Awards: 7 to 9

Anticipated Funding Amount: $8,500,000

Total funding for the CICI program is $8,500,000, subject to the availability of funds. Resilient Security Architecture for Research Cyberinfrastructure awards will be supported at up to $1,000,000 total per award for up to three years. Cybersecurity Enhancement awards will be supported at up to $1,000,000 total per award for up to two years.

Eligibility Information

Who May Submit Proposals:

Proposals may only be submitted by the following:

• Universities and Colleges - Universities and two- and four-year colleges (including community colleges) accredited in, and having a campus located in, the US acting on behalf of their faculty members. Such organizations also are referred to as academic institutions.
• Non-profit, non-academic organizations: Independent museums, observatories, research labs, professional societies and similar organizations in the U.S. associated with educational or research activities.

Who May Serve as PI:

There are no restrictions or limits.

Limit on Number of Proposals per Organization: 2

Organizations are limited to 2 CICI proposals. These eligibility constraints will be strictly enforced in order to treat everyone fairly and consistently. In the event that an organization exceeds this limit, proposals received within the limit will be accepted based on earliest date and time of proposal submission (i.e., the first two proposals received will be accepted and the remainder will be returned without review). No exceptions will be made.

Limit on Number of Proposals per PI or Co-PI:

There are no restrictions or limits.

Proposal Preparation and Submission Instructions

A. Proposal Preparation Instructions

• Letters of Intent: Not required

• Preliminary Proposal Submission: Not required

• Full Proposals:

  • Full Proposals submitted via FastLane: NSF Proposal and Award Policies and Procedures Guide, Part I: Grant Proposal Guide (GPG) Guidelines apply. The complete text of the GPG is available electronically on the NSF website at: https://www.nsf.gov/publications/pub_summ.jsp?ods_key=gpg.
  • Full Proposals submitted via Grants.gov: NSF Grants.gov Application Guide: A Guide for the Preparation and Submission of NSF Applications via Grants.gov Guidelines apply (Note: The NSF Grants.gov Application Guide is available on the Grants.gov website and on the NSF website at: https://www.nsf.gov/publications/pub_summ.jsp?ods_key=grantsgovguide)

B. Budgetary Information

• Cost Sharing Requirements:

  Inclusion of voluntary committed cost sharing is prohibited.

• Indirect Cost (F&A) Limitations:

  Not Applicable

• Other Budgetary Limitations:

  Not Applicable

C. Due Dates

• Full Proposal Deadline(s) (due by 5 p.m. submitter's local time):

       March 01, 2017

Proposal Review Information Criteria

Merit Review Criteria:

National Science Board approved criteria. Additional merit review considerations apply. Please see the full text of this solicitation for further information.

Award Administration Information

Award Conditions:

Standard NSF award conditions apply.

Reporting Requirements:

Standard NSF reporting requirements apply.

I. Introduction

The integrity of the scientific workflow is diverse and may be dynamic. It may start with observations that are then analyzed and retained. Or it may start from previously collected data and analyses that are reanalyzed together with new sources of data. The integrity of the workflow and associated data is essential to scientific credibility. Network-connected remote or local scientific instruments such as telescopes, microscopes, external data repositories, research computers, and sensing devices collect and/or analyze a tremendous amount of raw information, yet remain vulnerable. The research environment may be much more complex, yet often receives less attention than business systems. However, unprotected research cyberinfrastructure (CI) and scientific data may be valuable or subject to confidentiality requirements, and potentially vulnerable to theft or corruption, presenting an attractive target of opportunity for attack and compromise. As national and international collaborations become commonplace and broader access to research data occurs, protection of systems, processes, data, software and the network from deliberate misuse is essential. This solicitation addresses the protection, integrity and reliability of research processes and the resulting information.

II. Program Description

Science is increasingly being conducted by distributed international collaborations and virtual organizations using shared cyberinfrastructure resources. Given the challenges with deploying and operating cyberinfrastructure at a large scale, security and resilience for the environment are both paramount. The objective of the Cybersecurity Innovation for Cyberinfrastructure (CICI) program is to develop, deploy and integrate security solutions that benefit the scientific community by ensuring the integrity, resilience and reliability of the end-to-end scientific workflow. This solicitation seeks unique ways to protect scientific instruments, resources, cyberinfrastructure and data that extend beyond building better perimeters and point solutions. As funding agencies move toward providing openly accessible data, the possibilities for scientists and engineers to use data sources beyond those created by their own community grow.

The scope of the scientific workflow encompasses instruments, mobile and traditional networks, processing software, analysis tools, computing and storage resources as well as information repositories and data archives. In order to produce accurate results, each data source must be identifiable and trustworthy. Systems must guarantee that data sets cannot be altered, which could potentially modify the analytic outcomes.

Funded activities under CICI should identify opportunities for student engagement as well as cybersecurity education and training. Proposals that demonstrate opportunities to engage students directly in the deployment, operation, and advancement of the CICI-funded activities are welcome.

The CICI program is not the appropriate mechanism to provide support for basic cybersecurity research. Such projects would be better served as submissions to the Secure and Trustworthy Cyberspace (SaTC) program.

CICI comprises two Program Areas outlined below:

1. Resilient Security Architecture for Research Cyberinfrastructure

Research Cyberinfrastructure environments have become increasingly complex as campuses and other research institutions adapt their existing research cyberinfrastructure to include a range of new technologies and modalities including private and commercially-available cloud computing resources, new forms of shared data and computing infrastructure, identity management which spans institutions, and distributed shared computing, storage and network resources. As a result, it has become difficult to monitor and control the end-to-end scientific environment. Deliberate or unintentional incidents that affect systems are often difficult to detect. Identifying unauthorized users, system anomalies and the loss or corruption of data remain formidable challenges.

Collaborative scientific experiments are complex and may include participants from multiple institutions, national labs or organizations physically distributed across campuses, sites or countries. Legitimate users often arrive at scientific experiments and collaborations from a multitude of institutions and with complex access relationships. Complex technical relationships may exist between experiments, institutions and information technology service providers, but security is a shared requirement.

This program area seeks to address this complexity by encouraging novel and trustworthy architectural and design approaches, models and frameworks for the creation of a holistic, integrated security environment that spans the entire scientific CI ecosystem. Projects must demonstrate strong security architecture and systems security engineering generalizable across a diverse scientific workflow. Technical solutions must be driven by at least one scientific community, facility or project.

NSF recognizes the inherent diversity that exists in an organization's operational security practices and policies as well as the range of underlying security architectures. However, understanding and mitigating threats to the environment based on empirical data is critical to enhancing the security and resilience of scientific cyberinfrastructure. Approaches that address the collection of quantitative security-related metrics are encouraged, as these metrics can be used to define a risk management posture for the open science being conducted by an institution, experiment or collaboration.

Proposals are encouraged to include a technical proof-of-concept implementation or operational prototype, including the participation of end users, for the proposed approach. Collaborations with other government agencies or industry partners are welcome.

Some areas of interest include, but are not limited to:

• New approaches that demonstrate substantive improvements to secure and protect operational cyberinfrastructure. Key infrastructure services include, but are not limited to, naming/Domain Name System (DNS), secure routing, and network time synchronization. For all these areas, security standards such as Domain Name System Security (DNSSEC) and Resource Public Key Infrastructure (RPKI) are available, but few organizations have chosen to adopt and implement these in their environments. As a result, communication may be misdirected to the wrong data location, a man-in-the-middle attack may modify data in transit, or key data aspects such as timestamps may be invalid.

• Techniques and tools to detect behavioral anomalies across cyberinfrastructure systems, including detecting the tools and techniques of an attack and methods to mitigate security threats.

• More robust, efficient and secure transfer of data while retaining the integrity of the data sets. With the growing amount of remote instruments and the increasing amount of data being collected from multiple, often remote, wireless and mobile sensors, science is increasingly distributed and virtual. Solutions such as the introduction of blockchain technology are needed to ensure the integrity and confidentiality of data as it traverses multiple environments such as mobile, cloud, campus, and Internet networks.

• Security metrics, including the implementation of data analytics and trend analysis methodologies and tools in order to both provide incident tracking and measurement of the effectiveness and impact of security tools, processes and architectures. This can include the creation of meaningful visualizations or metrics that are tightly integrated with other information technology (IT) functions. Quantitative and actionable security metrics are critical to performing consistent long-term trending of the cyberinfrastructure and making iterative improvements to the security posture.

Proposers must identify reportable success metrics within the proposal. An outcomes assessment, including a measurement of the value provided at the conclusion of the grant, is critical in determining the success of the proposed approach.

A proposal in this area must demonstrate that the proposed architecture responds to the needs of the science and engineering communities and serve to advance scientific discoveries, collaborations and innovations. Proposers must document explicit partnerships or collaborations with one or more domain scientists, research groups or IT support organizations. Proposers are encouraged to explain the threat model upon which the proposed solution is predicated.

A sustainability plan describing how the proposed system will be supported beyond the project time period must be included.

In the Supplementary Documents section, a proposal responsive to this program area must include Systems Architecture diagram(s) of the proposed implementation or framework. Proposers should use the diagram(s) to document both the logical and physical architecture(s) of the proposed implementation and describe the system components and interrelationships.

Each proposal must also include as a Supplementary Document a Project Plan of up to 5 pages addressing the goals and milestones for development of the resulting system or framework.

Additional proposal preparation guidance for this Program Area can be found in Section V.A. Proposal Preparation Instructions.

2. Cybersecurity Enhancement

Cyberinfrastructure projects often proceed without considerations of the security, integrity and privacy implications of the system or effort. This program area addresses the critical need to focus attention and resources on the security attributes of scientific cyberinfrastructure. Systems and network discovery is a precursor to understanding the attack surface and lays the foundation for development and implementation of a strong security architecture.

Proposals submitted to this area should address scientific research and education needs for secure connectivity on campus and/or externally. Proposals may address the need to assess and redesign their campus security architecture to better support scientific and research data flows.

Some areas of interest include, but are not limited to:

• Activities such as security assessments and security design reviews that lead to a better understanding of the protocols utilized by the science workflows within a campus or site, between campuses and/or sites, within a region and between regional and national resources. For example, in preparation for re-architecting a network to support large science data flows by designing and building a Science DMZ, an understanding of the underlying communication protocols is essential. This understanding can serve to define a risk management posture for the scientific collaboration. It also provides an understanding of the state of the environment prior to and after deployment of a Science DMZ or secure architecture or system. It can also lead to the quicker identification of a compromised host or system. Such activities should lead to a baseline of what is accepted as “normal” traffic traversing the cyberinfrastructure, so that anomalies can be more easily identified by security monitoring systems. Activities may include remediation efforts to ensure the cyberinfrastructure is more secure.

• Novel means by which to operationally integrate and deploy commercial and open source security tools such as protocol analyzers, intrusion detection systems, event monitoring tools, logging devices and firewalls to protect all aspects of the scientific workflow.

• Efforts to add open source federated identity management to existing cyberinfrastructure-related applications in order to streamline user access to resources hosted within an organization or by another federation partner.

Proposers must identify reportable success metrics within the proposal. An outcomes assessment, including a measurement of the value provided at the conclusion of the grant, is critical in determining the success of the proposed approach.

A proposal in this area must demonstrate that the proposed architecture responds to the needs of the science and engineering communities and serves to advance scientific discoveries, collaborations and innovations. All proposals in this area must document explicit partnerships or collaborations with the IT support organization, including security leaders such as the Chief Information Security Officer (CISO), Chief Privacy Officer (CPO) or similar functional position within an institution, collaboration or facility. Letters of collaboration with research cyberinfrastructure leadership are encouraged. Partnership documentation from personnel not included in a proposal as PI, co-PI, or senior personnel should be in the form of a letter of collaboration located in the Supplementary Documents section of the proposal.

Proposals must include as a Supplementary Document a Project Plan of up to 5 pages addressing the goals and milestones for activities in this area.

Additional proposal preparation guidance for this category can be found in Section V.A. Proposal Preparation Instructions.

III. Award Information

Anticipated Type of Award: Continuing Grant or Standard Grant

Estimated Number of Awards: 7-9

Anticipated Funding Amount: $8,500,000

Total funding for the CICI program, subject to the availability of funds. Resilient Security Architecture for Research Cyberinfrastructure awards will be supported at up to $1,000,000 total per award for up to three years. Cybersecurity Enhancement awards will be supported at up to $1,000,000 total per award for up to two years.

Estimated program budget, number of awards and average award size/duration are subject to the availability of funds.

IV. Eligibility Information

Who May Submit Proposals:

Proposals may only be submitted by the following:

• Universities and Colleges - Universities and two- and four-year colleges (including community colleges) accredited in, and having a campus located in, the US acting on behalf of their faculty members. Such organizations also are referred to as academic institutions.
• Non-profit, non-academic organizations: Independent museums, observatories, research labs, professional societies and similar organizations in the U.S. associated with educational or research activities.

Who May Serve as PI:

There are no restrictions or limits.

Limit on Number of Proposals per Organization: 2

Organizations are limited to 2 CICI proposals. These eligibility constraints will be strictly enforced in order to treat everyone fairly and consistently. In the event that an organization exceeds this limit, proposals received within the limit will be accepted based on earliest date and time of proposal submission (i.e., the first two proposals received will be accepted and the remainder will be returned without review). No exceptions will be made.

Limit on Number of Proposals per PI or Co-PI:

There are no restrictions or limits.

Additional Eligibility Info:

Proposals must identify a lead institution. Collaborative proposals submitted as simultaneous submission of proposals from different organizations, with each organization requesting a separate award, are not allowed. Instead, proposals involving multiple institutions must be submitted as a single proposal, in which a single award is being requested (with subawards administered by the lead organization).

V. Proposal Preparation And Submission Instructions

A. Proposal Preparation Instructions

Full Proposal Preparation Instructions: Proposers may opt to submit proposals in response to this Program Solicitation via Grants.gov or via the NSF FastLane system.

• Full proposals submitted via FastLane: Proposals submitted in response to this program solicitation should be prepared and submitted in accordance with the general guidelines contained in the NSF Grant Proposal Guide (GPG). The complete text of the GPG is available electronically on the NSF website at: https://www.nsf.gov/publications/pub_summ.jsp?ods_key=gpg. Paper copies of the GPG may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-7827 or by e-mail from nsfpubs@nsf.gov. Proposers are reminded to identify this program solicitation number in the program solicitation block on the NSF Cover Sheet For Proposal to the National Science Foundation. Compliance with this requirement is critical to determining the relevant proposal processing guidelines. Failure to submit this information may delay processing.

• Full proposals submitted via Grants.gov: Proposals submitted in response to this program solicitation via Grants.gov should be prepared and submitted in accordance with the NSF Grants.gov Application Guide: A Guide for the Preparation and Submission of NSF Applications via Grants.gov. The complete text of the NSF Grants.gov Application Guide is available on the Grants.gov website and on the NSF website at: (https://www.nsf.gov/publications/pub_summ.jsp?ods_key=grantsgovguide). To obtain copies of the Application Guide and Application Forms Package, click on the Apply tab on the Grants.gov site, then click on the Apply Step 1: Download a Grant Application Package and Application Instructions link and enter the funding opportunity number, (the program solicitation number without the NSF prefix) and press the Download Package button. Paper copies of the Grants.gov Application Guide also may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-7827 or by e-mail from nsfpubs@nsf.gov.

See Chapter II.C.2 of the GPG for guidance on the required sections of a full research proposal submitted to NSF. Please note that the proposal preparation instructions provided in this program solicitation may deviate from the GPG instructions.

The following information supplements the guidelines and requirements in the NSF PAPPG and NSF Grants.gov Application Guide:

For Resilient Security Architecture for Research Cyberinfrastructure Proposals:

Proposals in this area require titles that begin with CICI: RSARC: followed by the title of the project.

All proposals in this area must document explicit partnerships or collaborations with one or more domain scientists, research groups or IT support organizations. Partnership documentation from personnel not included in the proposal as PI, co-PI, or senior personnel should be in the form of a letter of collaboration located in the Supplementary Documents section of the proposal.

Proposals must state which software license will be used for any released software, and why this license has been chosen. NSF expects that a standard open source license will be used, but a different option can be proposed if well justified in terms of meeting the CICI program goals.

Refer to Section II, Program Description, for additional information about requirements for Resilient Security Architecture for Research Cyberinfrastructure proposals. In particular, a Systems Architecture Diagram(s) and a Project Plan of up to 5 pages in length must be included as Supplementary Documents.

For Cybersecurity Enhancement Proposals:

Proposals in this area require titles that begin with CICI: CE: followed by the title of the project.

Proposals must state which software license will be used for any released software, and why this license has been chosen. NSF expects that a standard open source license will be used, but a different option can be proposed if well justified in terms of meeting the CICI program goals.

Refer to Section II, Program Description, for additional information about requirements for Cybersecurity Enhancement proposals. In particular, a Project Plan of up to 5 pages in length must be included as a Supplementary Document.

All proposals in this area must document explicit partnerships or collaborations with the IT support organization, including security leaders such as the Chief Information Security Officer (CISO), Chief Privacy Officer (CPO) or similar functional position within an institution, collaboration or facility. Letters of collaboration with research cyberinfrastructure leadership are encouraged. Partnership documentation from personnel not included in a proposal as PI, co-PI, or senior personnel should be in the form of a letter of collaboration located in the Supplementary Documents section of the proposal.

For Resilient Security Architecture for Research Cyberinfrastructure Proposals AND For Cybersecurity Enhancement Proposals:

Supplementary Documents

List of Project Personnel and Partner Institutions (Note - In collaborative proposals, only the lead institution should provide this information): Provide current, accurate information for all personnel and institutions involved in the project. NSF staff will use this information in the merit review process to manage conflicts of interest. The list should include all PIs, Co-PIs, Senior Personnel, paid/unpaid Consultants or Collaborators, Sub awardees, Postdocs, and project-level advisory committee members. This list should be numbered, in alphabetical order by last name, and include for each entry (in this order) Full name, Organization(s), and Role in the project, with each item separated by a semi-colon. Each person listed should start a new numbered line. For example:

1. Mary Adams; XYZ University; PI
2. John Brown; University of PQR; Senior Personnel
3. Jane Green; XYZ University; Postdoc
4. Bob Jones; ABC Inc.; Paid Consultant
5. Tim White; ZZZ University; Subawardee

Single Copy Documents

Collaborators and Other Affiliations Information:

For this solicitation, the Collaborators & Other Affiliations information specified in the PAPPG should be submitted using the spreadsheet template found at https://www.nsf.gov/cise/collab/. For each proposal, a completed spreadsheet for each PI, co-PI, or senior personnel must be uploaded directly into Fastlane in .xls or .xlsx format as a “Collaborator and Other Affiliations” Single Copy Document. NSF staff use this information in the merit review process to help manage reviewer selection; the spreadsheet will ensure the Collaborator and Other Affiliations information has a common, searchable format.

Note the distinction to above for Supplementary Documents: the listing of all project participants is collected by the project lead and entered as a Supplementary Document, which is then automatically included with all proposals in a project. The Collaborators and Other Affiliations are entered for each participant within each proposal and, as Single Copy Documents, are available only to NSF staff. Collaborators and Other Affiliations due to participants listed above that are not PIs, co-PIs, or senior personnel can be uploaded under Additional Single Copy Documents using Transfer File.

B. Budgetary Information

Cost Sharing:

Inclusion of voluntary committed cost sharing is prohibited.

Budget Preparation Instructions:

Budgets should include travel funds for the project principal investigators and other team members, as appropriate, from all collaborating institutions to attend one annual Principal Investigators' meeting.

C. Due Dates

• Full Proposal Deadline(s) (due by 5 p.m. submitter's local time):

       March 01, 2017

D. FastLane/Grants.gov Requirements

For Proposals Submitted Via FastLane:

To prepare and submit a proposal via FastLane, see detailed technical instructions available at: https://www.fastlane.nsf.gov/a1/newstan.htm. For FastLane user support, call the FastLane Help Desk at 1-800-673-6188 or e-mail fastlane@nsf.gov. The FastLane Help Desk answers general technical questions related to the use of the FastLane system. Specific questions related to this program solicitation should be referred to the NSF program staff contact(s) listed in Section VIII of this funding opportunity.

For Proposals Submitted Via Grants.gov:

Before using Grants.gov for the first time, each organization must register to create an institutional profile. Once registered, the applicant's organization can then apply for any federal grant on the Grants.gov website. Comprehensive information about using Grants.gov is available on the Grants.gov Applicant Resources webpage: http://www.grants.gov/web/grants/applicants.html. In addition, the NSF Grants.gov Application Guide (see link in Section V.A) provides instructions regarding the technical preparation of proposals via Grants.gov. For Grants.gov user support, contact the Grants.gov Contact Center at 1-800-518-4726 or by email: support@grants.gov. The Grants.gov Contact Center answers general technical questions related to the use of Grants.gov. Specific questions related to this program solicitation should be referred to the NSF program staff contact(s) listed in Section VIII of this solicitation.

Submitting the Proposal: Once all documents have been completed, the Authorized Organizational Representative (AOR) must submit the application to Grants.gov and verify the desired funding opportunity and agency to which the application is submitted. The AOR must then sign and submit the application to Grants.gov. The completed application will be transferred to the NSF FastLane system for further processing.

Proposers that submitted via FastLane are strongly encouraged to use FastLane to verify the status of their submission to NSF. For proposers that submitted via Grants.gov, until an application has been received and validated by NSF, the Authorized Organizational Representative may check the status of an application on Grants.gov. After proposers have received an e-mail notification from NSF, Research.gov should be used to check the status of an application.

VI. NSF Proposal Processing And Review Procedures

Proposals received by NSF are assigned to the appropriate NSF program for acknowledgement and, if they meet NSF requirements, for review. All proposals are carefully reviewed by a scientist, engineer, or educator serving as an NSF Program Officer, and usually by three to ten other persons outside NSF either as ad hoc reviewers, panelists, or both, who are experts in the particular fields represented by the proposal. These reviewers are selected by Program Officers charged with oversight of the review process. Proposers are invited to suggest names of persons they believe are especially well qualified to review the proposal and/or persons they would prefer not review the proposal. These suggestions may serve as one source in the reviewer selection process at the Program Officer's discretion. Submission of such names, however, is optional. Care is taken to ensure that reviewers have no conflicts of interest with the proposal. In addition, Program Officers may obtain comments from site visits before recommending final action on proposals. Senior NSF staff further review recommendations for awards. A flowchart that depicts the entire NSF proposal and award process (and associated timeline) is included in the GPG as Exhibit III-1.

A comprehensive description of the Foundation's merit review process is available on the NSF website at: https://www.nsf.gov/bfa/dias/policy/merit_review/.

Proposers should also be aware of core strategies that are essential to the fulfillment of NSF's mission, as articulated in Investing in Science, Engineering, and Education for the Nation's Future: NSF Strategic Plan for 2014-2018. These strategies are integrated in the program planning and implementation process, of which proposal review is one part. NSF's mission is particularly well-implemented through the integration of research and education and broadening participation in NSF programs, projects, and activities.

One of the strategic objectives in support of NSF's mission is to foster integration of research and education through the programs, projects, and activities it supports at academic and research institutions. These institutions must recruit, train, and prepare a diverse STEM workforce to advance the frontiers of science and participate in the U.S. technology-based economy. NSF's contribution to the national innovation ecosystem is to provide cutting-edge research under the guidance of the Nation's most creative scientists and engineers. NSF also supports development of a strong science, technology, engineering, and mathematics (STEM) workforce by investing in building the knowledge that informs improvements in STEM teaching and learning.

NSF's mission calls for the broadening of opportunities and expanding participation of groups, institutions, and geographic regions that are underrepresented in STEM disciplines, which is essential to the health and vitality of science and engineering. NSF is committed to this principle of diversity and deems it central to the programs, projects, and activities it considers and supports.

A. Merit Review Principles and Criteria

The National Science Foundation strives to invest in a robust and diverse portfolio of projects that creates new knowledge and enables breakthroughs in understanding across all areas of science and engineering research and education. To identify which projects to support, NSF relies on a merit review process that incorporates consideration of both the technical aspects of a proposed project and its potential to contribute more broadly to advancing NSF's mission "to promote the progress of science; to advance the national health, prosperity, and welfare; to secure the national defense; and for other purposes." NSF makes every effort to conduct a fair, competitive, transparent merit review process for the selection of projects.

1. Merit Review Principles

These principles are to be given due diligence by PIs and organizations when preparing proposals and managing projects, by reviewers when reading and evaluating proposals, and by NSF program staff when determining whether or not to recommend proposals for funding and while overseeing awards. Given that NSF is the primary federal agency charged with nurturing and supporting excellence in basic research and education, the following three principles apply:

• All NSF projects should be of the highest quality and have the potential to advance, if not transform, the frontiers of knowledge.
• NSF projects, in the aggregate, should contribute more broadly to achieving societal goals. These "Broader Impacts" may be accomplished through the research itself, through activities that are directly related to specific research projects, or through activities that are supported by, but are complementary to, the project. The project activities may be based on previously established and/or innovative methods and approaches, but in either case must be well justified.
• Meaningful assessment and evaluation of NSF funded projects should be based on appropriate metrics, keeping in mind the likely correlation between the effect of broader impacts and the resources provided to implement projects. If the size of the activity is limited, evaluation of that activity in isolation is not likely to be meaningful. Thus, assessing the effectiveness of these activities may best be done at a higher, more aggregated, level than the individual project.

With respect to the third principle, even if assessment of Broader Impacts outcomes for particular projects is done at an aggregated level, PIs are expected to be accountable for carrying out the activities described in the funded project. Thus, individual projects should include clearly stated goals, specific descriptions of the activities that the PI intends to do, and a plan in place to document the outputs of those activities.

These three merit review principles provide the basis for the merit review criteria, as well as a context within which the users of the criteria can better understand their intent.

2. Merit Review Criteria

All NSF proposals are evaluated through use of the two National Science Board approved merit review criteria. In some instances, however, NSF will employ additional criteria as required to highlight the specific objectives of certain programs and activities.

The two merit review criteria are listed below. Both criteria are to be given full consideration during the review and decision-making processes; each criterion is necessary but neither, by itself, is sufficient. Therefore, proposers must fully address both criteria. (GPG Chapter II.C.2.d.i. contains additional information for use by proposers in development of the Project Description section of the proposal.) Reviewers are strongly encouraged to review the criteria, including GPG Chapter II.C.2.d.i., prior to the review of a proposal.

When evaluating NSF proposals, reviewers will be asked to consider what the proposers want to do, why they want to do it, how they plan to do it, how they will know if they succeed, and what benefits could accrue if the project is successful. These issues apply both to the technical aspects of the proposal and the way in which the project may make broader contributions. To that end, reviewers will be asked to evaluate all proposals against two criteria:

• Intellectual Merit: The Intellectual Merit criterion encompasses the potential to advance knowledge; and
• Broader Impacts: The Broader Impacts criterion encompasses the potential to benefit society and contribute to the achievement of specific, desired societal outcomes.

The following elements should be considered in the review for both criteria:

1. What is the potential for the proposed activity to
   1. Advance knowledge and understanding within its own field or across different fields (Intellectual Merit); and
   2. Benefit society or advance desired societal outcomes (Broader Impacts)?
2. To what extent do the proposed activities suggest and explore creative, original, or potentially transformative concepts?
3. Is the plan for carrying out the proposed activities well-reasoned, well-organized, and based on a sound rationale? Does the plan incorporate a mechanism to assess success?
4. How well qualified is the individual, team, or organization to conduct the proposed activities?
5. Are there adequate resources available to the PI (either at the home organization or through collaborations) to carry out the proposed activities?

Broader impacts may be accomplished through the research itself, through the activities that are directly related to specific research projects, or through activities that are supported by, but are complementary to, the project. NSF values the advancement of scientific knowledge and activities that contribute to achievement of societally relevant outcomes. Such outcomes include, but are not limited to: full participation of women, persons with disabilities, and underrepresented minorities in science, technology, engineering, and mathematics (STEM); improved STEM education and educator development at any level; increased public scientific literacy and public engagement with science and technology; improved well-being of individuals in society; development of a diverse, globally competitive STEM workforce; increased partnerships between academia, industry, and others; improved national security; increased economic competitiveness of the United States; and enhanced infrastructure for research and education.

Proposers are reminded that reviewers will also be asked to review the Data Management Plan and the Postdoctoral Researcher Mentoring Plan, as appropriate.

Additional Solicitation Specific Review Criteria

All CICI projects will be reviewed with careful attention to the following:

• The extent to which the work provides a needed capability required by the science, engineering and education community;

• The expected impact on the security of the deployed environment described in the proposal, and potential impact across a broader segment of the NSF community; and

• The feasibility, utility, and interoperability of the capability in its proposed operational role.

B. Review and Selection Process

Proposals submitted in response to this program solicitation will be reviewed by Ad hoc Review and/or Panel Review.

Reviewers will be asked to evaluate proposals using two National Science Board approved merit review criteria and, if applicable, additional program specific criteria. A summary rating and accompanying narrative will generally be completed and submitted by each reviewer and/or panel. The Program Officer assigned to manage the proposal's review will consider the advice of reviewers and will formulate a recommendation.

After scientific, technical and programmatic review and consideration of appropriate factors, the NSF Program Officer recommends to the cognizant Division Director whether the proposal should be declined or recommended for award. NSF strives to be able to tell applicants whether their proposals have been declined or recommended for funding within six months. Large or particularly complex proposals or proposals from new awardees may require additional review and processing time. The time interval begins on the deadline or target date, or receipt date, whichever is later. The interval ends when the Division Director acts upon the Program Officer's recommendation.

After programmatic approval has been obtained, the proposals recommended for funding will be forwarded to the Division of Grants and Agreements for review of business, financial, and policy implications. After an administrative review has occurred, Grants and Agreements Officers perform the processing and issuance of a grant or other agreement. Proposers are cautioned that only a Grants and Agreements Officer may make commitments, obligations or awards on behalf of NSF or authorize the expenditure of funds. No commitment on the part of NSF should be inferred from technical or budgetary discussions with a NSF Program Officer. A Principal Investigator or organization that makes financial or personnel commitments in the absence of a grant or cooperative agreement signed by the NSF Grants and Agreements Officer does so at their own risk.

Once an award or declination decision has been made, Principal Investigators are provided feedback about their proposals. In all cases, reviews are treated as confidential documents. Verbatim copies of reviews, excluding the names of the reviewers or any reviewer-identifying information, are sent to the Principal Investigator/Project Director by the Program Officer. In addition, the proposer will receive an explanation of the decision to award or decline funding.

VII. Award Administration Information

A. Notification of the Award

Notification of the award is made to the submitting organization by a Grants Officer in the Division of Grants and Agreements. Organizations whose proposals are declined will be advised as promptly as possible by the cognizant NSF Program administering the program. Verbatim copies of reviews, not including the identity of the reviewer, will be provided automatically to the Principal Investigator. (See Section VI.B. for additional information on the review process.)

B. Award Conditions

An NSF award consists of: (1) the award notice, which includes any special provisions applicable to the award and any numbered amendments thereto; (2) the budget, which indicates the amounts, by categories of expense, on which NSF has based its support (or otherwise communicates any specific approvals or disapprovals of proposed expenditures); (3) the proposal referenced in the award notice; (4) the applicable award conditions, such as Grant General Conditions (GC-1)*; or Research Terms and Conditions* and (5) any announcement or other NSF issuance that may be incorporated by reference in the award notice. Cooperative agreements also are administered in accordance with NSF Cooperative Agreement Financial and Administrative Terms and Conditions (CA-FATC) and the applicable Programmatic Terms and Conditions. NSF awards are electronically signed by an NSF Grants and Agreements Officer and transmitted electronically to the organization via e-mail.

*These documents may be accessed electronically on NSF's Website at https://www.nsf.gov/awards/managing/award_conditions.jsp?org=NSF. Paper copies may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-7827 or by e-mail from nsfpubs@nsf.gov.

More comprehensive information on NSF Award Conditions and other important information on the administration of NSF awards is contained in the NSF Award & Administration Guide (AAG) Chapter II, available electronically on the NSF Website at https://www.nsf.gov/publications/pub_summ.jsp?ods_key=aag.

C. Reporting Requirements

For all multi-year grants (including both standard and continuing grants), the Principal Investigator must submit an annual project report to the cognizant Program Officer no later than 90 days prior to the end of the current budget period. (Some programs or awards require submission of more frequent project reports). No later than 120 days following expiration of a grant, the PI also is required to submit a final project report, and a project outcomes report for the general public.

Failure to provide the required annual or final project reports, or the project outcomes report, will delay NSF review and processing of any future funding increments as well as any pending proposals for all identified PIs and co-PIs on a given award. PIs should examine the formats of the required reports in advance to assure availability of required data.

PIs are required to use NSF's electronic project-reporting system, available through Research.gov, for preparation and submission of annual and final project reports. Such reports provide information on accomplishments, project participants (individual and organizational), publications, and other specific products and impacts of the project. Submission of the report via Research.gov constitutes certification by the PI that the contents of the report are accurate and complete. The project outcomes report also must be prepared and submitted using Research.gov. This report serves as a brief summary, prepared specifically for the public, of the nature and outcomes of the project. This report will be posted on the NSF website exactly as it is submitted by the PI.

More comprehensive information on NSF Reporting Requirements and other important information on the administration of NSF awards is contained in the NSF Award & Administration Guide (AAG) Chapter II, available electronically on the NSF Website at https://www.nsf.gov/publications/pub_summ.jsp?ods_key=aag.

VIII. Agency Contacts

Please note that the program contact information is current at the time of publishing. See program website for any updates to the points of contact.

General inquiries regarding this program should be made to:

• Anita Nikolich, Program Director, CISE/ACI, telephone: (703) 292-4551, email: anikolic@nsf.gov

• Kevin Thompson, Program Director, CISE/ACI, telephone: 703-292-4220, email: kthompso@nsf.gov

For questions related to the use of FastLane, contact:

• FastLane Help Desk, telephone: 1-800-673-6188; e-mail: fastlane@nsf.gov.

For questions relating to Grants.gov contact:

• Grants.gov Contact Center: If the Authorized Organizational Representatives (AOR) has not received a confirmation message from Grants.gov within 48 hours of submission of application, please contact via telephone: 1-800-518-4726; e-mail: support@grants.gov.

IX. Other Information

The NSF website provides the most comprehensive source of information on NSF Directorates (including contact information), programs and funding opportunities. Use of this website by potential proposers is strongly encouraged. In addition, "NSF Update" is an information-delivery system designed to keep potential proposers and other interested parties apprised of new NSF funding opportunities and publications, important changes in proposal and award policies and procedures, and upcoming NSF Grants Conferences. Subscribers are informed through e-mail or the user's Web browser each time new publications are issued that match their identified interests. "NSF Update" also is available on NSF's website.

Grants.gov provides an additional electronic capability to search for Federal government-wide grant opportunities. NSF funding opportunities may be accessed via this mechanism. Further information on Grants.gov may be obtained at http://www.grants.gov.

About The National Science Foundation

The National Science Foundation (NSF) is an independent Federal agency created by the National Science Foundation Act of 1950, as amended (42 USC 1861-75). The Act states the purpose of the NSF is "to promote the progress of science; [and] to advance the national health, prosperity, and welfare by supporting research and education in all fields of science and engineering."

NSF funds research and education in most fields of science and engineering. It does this through grants and cooperative agreements to more than 2,000 colleges, universities, K-12 school systems, businesses, informal science organizations and other research organizations throughout the US. The Foundation accounts for about one-fourth of Federal support to academic institutions for basic research.

NSF receives approximately 55,000 proposals each year for research, education and training projects, of which approximately 11,000 are funded. In addition, the Foundation receives several thousand applications for graduate and postdoctoral fellowships. The agency operates no laboratories itself but does support National Research Centers, user facilities, certain oceanographic vessels and Arctic and Antarctic research stations. The Foundation also supports cooperative research between universities and industry, US participation in international scientific and engineering efforts, and educational activities at every academic level.

Facilitation Awards for Scientists and Engineers with Disabilities provide funding for special assistance or equipment to enable persons with disabilities to work on NSF-supported projects. See Grant Proposal Guide Chapter II, Section D.2 for instructions regarding preparation of these types of proposals.

The National Science Foundation has Telephonic Device for the Deaf (TDD) and Federal Information Relay Service (FIRS) capabilities that enable individuals with hearing impairments to communicate with the Foundation about NSF programs, employment or general information. TDD may be accessed at (703) 292-5090 and (800) 281-8749, FIRS at (800) 877-8339.

The National Science Foundation Information Center may be reached at (703) 292-5111.

Privacy Act And Public Burden Statements

The information requested on proposal forms and project reports is solicited under the authority of the National Science Foundation Act of 1950, as amended. The information on proposal forms will be used in connection with the selection of qualified proposals; and project reports submitted by awardees will be used for program evaluation and reporting within the Executive Branch and to Congress. The information requested may be disclosed to qualified reviewers and staff assistants as part of the proposal review process; to proposer institutions/grantees to provide or obtain data regarding the proposal review process, award decisions, or the administration of awards; to government contractors, experts, volunteers and researchers and educators as necessary to complete assigned work; to other government agencies or other entities needing information regarding applicants or nominees as part of a joint application review process, or in order to coordinate programs or policy; and to another Federal agency, court, or party in a court or Federal administrative proceeding if the government is a party. Information about Principal Investigators may be added to the Reviewer file and used to select potential candidates to serve as peer reviewers or advisory committee members. See Systems of Records, NSF-50, "Principal Investigator/Proposal File and Associated Records," 69 Federal Register 26410 (May 12, 2004), and NSF-51, "Reviewer/Proposal File and Associated Records," 69 Federal Register 26410 (May 12, 2004). Submission of the information is voluntary. Failure to provide full and complete information, however, may reduce the possibility of receiving an award.

An agency may not conduct or sponsor, and a person is not required to respond to, an information collection unless it displays a valid Office of Management and Budget (OMB) control number. The OMB control number for this collection is 3145-0058. Public reporting burden for this collection of information is estimated to average 120 hours per response, including the time for reviewing instructions. Send comments regarding the burden estimate and any other aspect of this collection of information, including suggestions for reducing this burden, to:

Suzanne H. Plimpton
Reports Clearance Officer
Office of the General Counsel
National Science Foundation
Arlington, VA 22230