Active funding opportunity

This document is the current version.

NSF 24-608: Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE)

Program Solicitation

Document Information

Document History

  • Posted: September 19, 2024

Program Solicitation NSF 24-608

U.S. National Science Foundation

Directorate for Computer and Information Science and Engineering

Directorate for STEM Education

Directorate for Technology, Innovation and Partnerships
     Translational Impacts

Preliminary Proposal Due Date(s) (required) (due by 5 p.m. submitting organization's local time):

     January 14, 2025

     Second Tuesday in January, Annually Thereafter

Full Proposal Deadline(s) (due by 5 p.m. submitting organization's local time):

     April 22, 2025

     Fourth Tuesday in April, Annually Thereafter

Important Information And Revision Notes

Any proposal submitted in response to this solicitation should be submitted in accordance with the NSF Proposal & Award Policies & Procedures Guide (PAPPG) that is in effect for the relevant due date to which the proposal is being submitted. The NSF PAPPG is regularly revised and it is the responsibility of the proposer to ensure that the proposal meets the requirements specified in this solicitation and the applicable version of the PAPPG. Submitting a proposal prior to a specified deadline does not negate this requirement.

Summary Of Program Requirements

General Information

Program Title:

Safety, Security, and Privacy of Open-Source Ecosystems (Safe-OSE)

Synopsis of Program:

Vulnerabilities in an open-source product and/or its continuous development, integration and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product. To respond to the growing threats to the safety, security, and privacy of open-source ecosystems (OSEs), NSF is launching the Safety, Security, and Privacy for Open-Source Ecosystems (Safe-OSE) program. This program solicits proposals from OSEs, including those not originally funded by NSF's Pathways to Enable Open-Source Ecosystems (POSE) program, to address significant safety, security, and/or privacy vulnerabilities, both technical (e.g., vulnerabilities in code and side-channels) and socio-technical (e.g., supply chain, insider threats, and social engineering).

Although most open-source products are software-based, it is important to note that Safe-OSE applies to any type of OSE, including those based on scientific methodologies, models, and processes; manufacturing processes and process specifications; materials formulations; programming languages and formats; hardware instruction sets; system designs or specifications; and data platforms. The goal of the Safe-OSE program is to catalyze meaningful improvements in the safety, security, and privacy of the targeted OSE that the OSE does not currently have the resources to undertake. Funds from this program should be directed toward efforts to enhance the safety, security, and privacy characteristics of the open-source product and its supply chain as well as to bolster the ecosystem's capabilities for managing current and future risks, attacks, breaches, and responses.

Broadening Participation In STEM

NSF recognizes the unique lived experiences of individuals from communities that are underrepresented and/or under-served in science, technology, engineering, and mathematics (STEM) and the barriers to inclusion and access to STEM education and careers. NSF highly encourages the leadership, partnership, and contributions in all NSF opportunities of individuals who are members of such communities supported by NSF. This includes leading and designing STEM research and education proposals for funding; serving as peer reviewers, advisory committee members, and/or committee of visitor members; and serving as NSF leadership, program, and/or administrative staff. NSF also highly encourages demographically diverse institutions of higher education (IHEs) to lead, partner, and contribute to NSF opportunities on behalf of their research and education communities. NSF expects that all individuals, including those who are members of groups that are underrepresented and/or under-served in STEM, are treated equitably and inclusively in the Foundation's proposal and award process.

NSF encourages IHEs that enroll, educate, graduate, and employ individuals who are members of groups underrepresented and/or under-served in STEM education programs and careers to lead, partner, and contribute to NSF opportunities, including leading and designing STEM research and education proposals for funding. Such IHEs include, but may not be limited to, community colleges and two-year institutions, mission-based institutions such as Historically Black Colleges and Universities (HBCUs), Tribal Colleges and Universities (TCUs), women's colleges, and institutions that primarily serve persons with disabilities, as well as institutions defined by enrollment such as Predominantly Undergraduate Institutions (PUIs), Minority-Serving Institutions (MSIs), and Hispanic Serving Institutions (HSIs).

"Broadening participation in STEM" is the comprehensive phrase used by NSF to refer to the Foundation's goal of increasing the representation and diversity of individuals, organizations, and geographic regions that contribute to STEM teaching, research, and innovation. To broaden participation in STEM, it is necessary to address issues of equity, inclusion, and access in STEM education, training, and careers. Whereas all NSF programs might support broadening participation components, some programs primarily focus on supporting broadening participation research and projects. Examples can be found on the NSF Broadening Participation in STEM website.

Cognizant Program Officer(s):

Please note that the following information is current at the time of publishing. See program website for any updates to the points of contact.

  • Nina Amla, Senior Science Advisor, CISE/OAD, telephone: (703) 292-7991, email: pose@nsf.gov
  • Peter S. Atherton, Program Director, TIP/TI, telephone: (703) 292-8772, email: pose@nsf.gov
  • Daniela A. Oliveira, Program Director, CISE/CNS, telephone: (703) 292-4352, email: pose@nsf.gov
  • Olga Pierrakos, Program Director, EDU/DUE, telephone: (703) 292-7253, email: pose@nsf.gov
  • Jeffrey M. Stanton, Program Director, TIP/TI, telephone: (703) 292-7794, email: pose@nsf.gov
  • Selcuk Uluagac, Program Director, CISE/CNS, telephone: (703) 292-4540, email: pose@nsf.gov

Applicable Catalog of Federal Domestic Assistance (CFDA) Number(s):

  • 47.041 --- Engineering
  • 47.049 --- Mathematical and Physical Sciences
  • 47.050 --- Geosciences
  • 47.070 --- Computer and Information Science and Engineering
  • 47.074 --- Biological Sciences
  • 47.075 --- Social Behavioral and Economic Sciences
  • 47.076 --- STEM Education
  • 47.079 --- Office of International Science and Engineering
  • 47.083 --- Office of Integrative Activities (OIA)
  • 47.084 --- NSF Technology, Innovation and Partnerships

Award Information

Anticipated Type of Award: Cooperative Agreement

Estimated Number of Awards: 10

Anticipated Funding Amount: $15,000,000

Each award will be for 24 months. The budget for Year 1 should be up to a maximum of $500,000 and the budget for Year 2 should be up to a maximum of $1,000,000, for a total budget of up to $1,500,000 per award.

Estimated program budget, number of awards and average award size/duration are subject to the availability of funds.

Eligibility Information

Who May Submit Proposals:

Proposals may only be submitted by the following:

  • Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U.S. that are directly associated with educational or research activities.
  • For-profit organizations: U.S.-based commercial organizations, including small businesses, with strong capabilities in scientific or engineering research or education and a passion for innovation.
  • State and Local Governments
  • Tribal Nations: An American Indian or Alaska Native tribe, band, nation, pueblo, village, or community that the Secretary of the Interior acknowledges as a federally recognized tribe pursuant to the Federally Recognized Indian Tribe List Act of 1994, 25 U.S.C. §§ 5130-5131.
  • Institutions of Higher Education (IHEs) - Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members.

Who May Serve as PI:

For Institutions of Higher Education:

By the submission deadline, any PI, co-PI, or other Senior/Key Personnel must hold either:

  • a tenured or tenure-track position, or
  • a primary, full-time, paid appointment in a research or teaching position, or
  • a staff leadership role in an Open-Source Program Office or equivalent position

at a U.S.-based campus of an Institution of Higher Education (see above), with exceptions granted for family or medical leave, as determined by the submitting institution.

Individuals with primary appointments at overseas branch campuses of U.S. institutions of higher education are not eligible. Researchers from foreign academic institutions who contribute essential expertise to the project may participate as Senior/Key Personnel or collaborators but may not receive NSF support.

For all other eligible proposing organizations:

The PI must be an employee of the proposing organization who is normally resident in the US and must be acting as an employee of the proposing organization while performing PI responsibilities. The PI may perform the PI responsibilities while temporarily out of the U.S.

Individuals with primary appointments at non-U.S. based non-profit or non-U.S. based for-profit organizations are not eligible.

Limit on Number of Proposals per Organization: 2

Up to two (2) preliminary proposals per lead organization are allowed. NSF will review the preliminary proposals and provide a binding "Invite" or "Do Not Invite" response for each preliminary proposal. Invited organizations will be allowed to submit a full proposal on the project described in the preliminary proposal by the full proposal submission deadline.

Limit on Number of Proposals per PI or co-PI:

There are no restrictions or limits.

Proposal Preparation and Submission Instructions

A. Proposal Preparation Instructions

  • Letters of Intent: Not required
  • Preliminary Proposals: Submission of Preliminary Proposals is required. Please see the full text of this solicitation for further information.
  • Full Proposals:

B. Budgetary Information

  • Cost Sharing Requirements:

    Inclusion of voluntary committed cost sharing is prohibited.

  • Indirect Cost (F&A) Limitations:

    Not Applicable

  • Other Budgetary Limitations:

    Not Applicable

C. Due Dates

  • Preliminary Proposal Due Date(s) (required) (due by 5 p.m. submitting organization's local time):

         January 14, 2025

         Second Tuesday in January, Annually Thereafter

  • Full Proposal Deadline(s) (due by 5 p.m. submitting organization's local time):

         April 22, 2025

         Fourth Tuesday in April, Annually Thereafter

Proposal Review Information Criteria

Merit Review Criteria:

National Science Board approved criteria. Additional merit review criteria apply. Please see the full text of this solicitation for further information.

Award Administration Information

Award Conditions:

Additional award conditions apply. Please see the full text of this solicitation for further information.

Reporting Requirements:

Additional reporting requirements apply. Please see the full text of this solicitation for further information.

I. Introduction

The term "open source" usually refers to software for which the original source code is publicly distributed to anyone and for any purpose, including for further development and refinement in a collaborative manner. Open-source software (OSS) is ubiquitous: a 2022 report from GitHub estimated that 97% of software relies on OSS, and 90% of companies apply or use OSS in some way. OSS is also increasingly important to commercial enterprises, with 30% of Fortune 100 companies running open-source program offices (OSPOs) to coordinate their OSS strategies.

Increasingly, however, the term open source also refers to a range of publicly distributed products that transcend OSS, including scientific methodologies, models, and processes; manufacturing processes and process specifications; materials formulations; programming languages and formats; hardware instruction sets; system designs or specifications; and data platforms. Academic and industrial scientists, engineers, researchers, and other professionals worldwide use distributed, collaborative open-source development methods to make a wide variety of products openly available with a goal of enabling nimble development and catalyzing further innovation.

Although open-source development methods accelerate and catalyze innovation, they can also create safety, security, and privacy risks and unintended harms. Adversaries can leverage the pillars of the open-source development philosophy - the democratization of development and broad opportunities for reuse - to insert and exploit vulnerabilities in open-source products. For OSS, even code written in memory-safe languages can be compromised because code re-usability and modularity can introduce dependencies, complexity, and liabilities to the software development life cycle. A recent study found that 82% of OSS components present risks due to vulnerabilities, security issues, and code quality or maintainability concerns. Furthermore, as noted in the report of a recent workshop sponsored by the Office of Management and Budget (OMB), NSF, and the National Institute for Standards and Technology (NIST) on the Open-source Software Security Initiative, the dynamics of complex, distributed organizations pose unique challenges in the creation and maintenance of a secure open-source ecosystem.

Thus, the characteristics of openness that make open-source such a powerful driver of innovation also enable many avenues of attack by adversaries using combinations of technical, social, and socio-technical approaches.

II. Program Description

Vulnerabilities in an open-source product (software and non-software) and/or its continuous development, maintenance, integration, and deployment infrastructure can potentially be exploited to attack any user (human, organization, and/or another product/entity) of the product and/or its derivations. To respond quickly to the growing threats to the safety, security, and privacy of OSEs, NSF is launching the Safety, Security, and Privacy of Open-source Ecosystems (Safe-OSE) program.

This program seeks to fund impactful, mature open-source ecosystems to address important classes of safety, security, and privacy vulnerabilities. In this context, mature signifies that the ecosystem in question has already established a robust community of contributors, an extensive group of users, a managing organization that steers the development of the product, and the essential infrastructure needed to keep the ecosystem running.

This program grows out of the Pathways to Enable Open-Source Ecosystems (POSE) program, which supports new managing organizations to catalyze distributed, community-driven development and growth of new OSEs, and responds to the discerned need to address safety, security, and privacy vulnerabilities in impactful OSEs.

Unlike NSF's Dear Colleague Letter inviting proposals related to open-source software security (NSF 23-149), which focuses on fundamental cybersecurity research, the Safe-OSE program solicits proposals from OSEs, including those not originally funded by POSE, to address safety, security, and/or privacy vulnerabilities proactively in existing, mature OSEs. These vulnerabilities can be technical (e.g., vulnerabilities in code, side-channels potentially disclosing sensitive information) and/or socio-technical (e.g., supply chain issues, insider threats, biases, and social engineering), as long as they are deemed significant in the context of the OSE. The goal of the Safe-OSE program is to catalyze meaningful improvements in the safety, security, and privacy of the targeted OSE that the managing organization does not currently have the resources to undertake. The program especially focuses on efforts in which enhancing the safety, security, and privacy of the OSE will lead to demonstrable improvement in its positive societal and economic impacts.

Proposals to this program should provide clear evidence that OSE team leaders have established a thorough understanding of the threat landscape, vulnerabilities, and/or failure modes for the open-source product(s) managed by the OSE. Proposals should describe, where appropriate, what other products depend upon the safe, secure, and privacy-preserving functions of the OSE. Proposals should situate the OSE's threat landscape in the larger context of known threats and/or vulnerabilities and discuss any significant prior incidents affecting the product(s). A realistic plan for addressing risks related to safety, security, and privacy should address the threat landscape and describe how Safe-OSE funding will meaningfully improve the OSE's capabilities for addressing vulnerabilities as well as for detecting and recovering from incidents.

Funds from this program should not be directed toward fundamental research or at readily resolvable, known bugs/issues, but rather toward strategies, methods, and actions that will fundamentally improve the open-source product's safety, security, and privacy stance. Funds from this program can also be directed at efforts to bolster the OSE's resiliency for recovering from future incidents. Thus, the proposal should articulate how Safe-OSE funding will improve the broader national, societal, and/or economic impacts of the OSE by hardening it against adverse events over the long term.

III. Award Information

Estimated program budget, number of awards and average award size/duration are subject to the availability of funds.

IV. Eligibility Information

Who May Submit Proposals:

Proposals may only be submitted by the following:

  • Non-profit, non-academic organizations: Independent museums, observatories, research laboratories, professional societies and similar organizations located in the U.S. that are directly associated with educational or research activities.
  • For-profit organizations: U.S.-based commercial organizations, including small businesses, with strong capabilities in scientific or engineering research or education and a passion for innovation.
  • State and Local Governments
  • Tribal Nations: An American Indian or Alaska Native tribe, band, nation, pueblo, village, or community that the Secretary of the Interior acknowledges as a federally recognized tribe pursuant to the Federally Recognized Indian Tribe List Act of 1994, 25 U.S.C. §§ 5130-5131.
  • Institutions of Higher Education (IHEs) - Two- and four-year IHEs (including community colleges) accredited in, and having a campus located in the US, acting on behalf of their faculty members.

Who May Serve as PI:

For Institutions of Higher Education:

By the submission deadline, any PI, co-PI, or other Senior/Key Personnel must hold either:

  • a tenured or tenure-track position, or
  • a primary, full-time, paid appointment in a research or teaching position, or
  • a staff leadership role in an Open-Source Program Office or equivalent position

at a U.S.-based campus of an Institution of Higher Education (see above), with exceptions granted for family or medical leave, as determined by the submitting institution.

Individuals with primary appointments at overseas branch campuses of U.S. institutions of higher education are not eligible. Researchers from foreign academic institutions who contribute essential expertise to the project may participate as Senior/Key Personnel or collaborators but may not receive NSF support.

For all other eligible proposing organizations:

The PI must be an employee of the proposing organization who is normally resident in the US and must be acting as an employee of the proposing organization while performing PI responsibilities. The PI may perform the PI responsibilities while temporarily out of the U.S.

Individuals with primary appointments at non-U.S. based non-profit or non-U.S. based for-profit organizations are not eligible.

Limit on Number of Proposals per Organization: 2

Up to two (2) preliminary proposals per lead organization are allowed. NSF will review the preliminary proposals and provide a binding "Invite" or "Do Not Invite" response for each preliminary proposal. Invited organizations will be allowed to submit a full proposal on the project described in the preliminary proposal by the full proposal submission deadline.

Limit on Number of Proposals per PI or co-PI:

There are no restrictions or limits.

Additional Eligibility Info:

Collaborative Proposals: Although proposals may be multi-organizational, a single organization must serve as the lead and all other organizations as sub-awardees. Collaborative proposals arranged as separate submissions from multiple organizations will not be accepted in response to this solicitation. Organizations ineligible to submit to this program solicitation may not receive sub-awards; if ineligible organizations are part of the team, their participation is expected to be supported by non-NSF sources.

Ownership and Control Requirements: Non-profit and for-profit proposing organizations must be U.S.-based, and U.S.-owned and controlled, as described in the following.

A majority (more than 50%) of a proposing organization's equity (e.g., stock) must be directly owned and controlled by one of the following:

  1. One or more individuals who are citizens or permanent residents of the U.S.;
  2. Other U.S. firms, each of which is directly owned and controlled by individuals who are citizens or permanent residents of the U.S.;
  3. A combination of (1) and (2) above.

If an Employee Stock Ownership Plan owns all or part of a proposing organization, each stock trustee and plan member is considered an owner. If a trust owns all or part of the organization, each trustee and trust beneficiary is considered an owner.

The above ownership requirement states that at least a majority of a proposing organization's equity must be held by certain types of eligible entities (individuals and/or other firms). Therefore, when determining your organization's eligibility, you must be able to identify an ownership majority (of individuals and/or entities) that is made up of eligible individuals and/or other firms.

Each individual included as part of the eligible ownership majority of a proposing organization must be either a citizen or permanent resident of the U.S. The term "individual" refers only to actual people — it does not refer to companies or other legal entities of any sort. "Permanent resident" refers to an individual admitted to the United States as a lawful permanent resident by the U.S. Citizenship and Immigration Services.

If you include other firms as part of the eligible ownership majority of a proposing organization, you should verify that each such firm is more than 50% owned and controlled by individuals who are U.S. citizens or permanent residents.

Ownership refers to direct ownership of stock or equity of a proposing organization. Equity ownership is determined on a fully diluted basis. This means that the determination considers the total number of shares or equity that would be outstanding if all possible sources of conversion were exercised, including, but not limited to: outstanding common stock or equity, outstanding preferred stock (on a converted-to-common basis) or equity, outstanding warrants (on an as-exercised-and-converted-to-common basis), outstanding options and options reserved for future grants, and any other convertible securities on an as-converted-to-common basis.

The purpose of the ownership requirement is to ensure that a recipient organization is controlled directly by individuals who are U.S. citizens or permanent residents or by firms that are majority-owned by U.S. citizens or permanent residents. Therefore, actual control of the organization must reside within the eligible ownership majority and may not reside outside of that ownership block. One of the following must describe the control of the proposing organization – the company must be more than 50% controlled by:

  • One U.S. citizen or permanent resident; or more than one U.S. citizen or permanent resident;
  • One other U.S. firm that is directly owned and controlled by U.S. citizens or permanent residents;
  • More than one other U.S. firm, each of which is directly owned and controlled by U.S. citizens or permanent residents; or
  • Any combination of the above.

Cost Principles for For-Profit Organizations: For-profit entities are subject to the cost principles contained in the Federal Acquisition Regulation, Part 31.

Legal Right to Work: The PI and all employees of the proposing organization who will receive Safe-OSE funding support must have a legal right to work in the U.S. for the proposing organization.

V. Proposal Preparation And Submission Instructions

A. Proposal Preparation Instructions

Preliminary Proposals (required): Preliminary proposals are required and must be submitted via Research.gov, even if full proposals will be submitted via Grants.gov.

  • Preliminary proposals to the Safe-OSE solicitation require the following sections of a proposal: Cover Sheet, Project Summary, Project Description, References Cited, and Letters of Collaboration (uploaded as Other Supplementary Documents).
  • Proposers must include a Project Description of up to five (5) pages addressing the following:
    1. Describe the current status of the targeted OSE and provide pointers to the OSE managing organization and the public repositories for the open-source product. As the PAPPG does not permit URLs in the Project Description, use the References Cited section of the proposal to identify the appropriate resources.
    2. Describe the national/societal/economic impacts of the OSE.
    3. Articulate the targeted classes of safety, security, and/or privacy vulnerabilities to be addressed and the broader impacts of addressing them. Discuss, as appropriate, the potential attacks that could take advantage of these vulnerabilities.
    4. Briefly describe a development plan to address these vulnerabilities.
    5. Briefly describe an evaluation plan to assess the efficacy of the work.
    6. Provide information to substantiate compliance with the eligibility requirements.
  • Letters of Collaboration: Include a minimum of three and up to five letters of collaboration from representatives of end-user organizations who have a working knowledge of the open-source product that is the subject of the preliminary proposal and the associated vulnerabilities. Each letter writer should succinctly describe how their organization is impacted by the vulnerabilities described in the preliminary proposal and their motivation for having these vulnerabilities addressed. These letters do not have to conform to the standard format specified in the PAPPG. Letters from Federal, State, and/or local governments and/or Tribal Nations are welcome, but for government users a point of contact with whom NSF can follow up may suffice in lieu of a letter. In addition to the above information, each letter of collaboration (not to exceed two pages) must include the name of the letter writer, current affiliations (institution or place of employment), and relationship to the members of the proposing team. All letters must be uploaded as Other Supplementary Documents.

NSF will review the preliminary proposals and provide binding "Invite" or "Do Not Invite" responses. Invited organizations will be allowed to submit a proposal on the project described in the preliminary proposal by the full-proposal submission deadline.

Full Proposal Preparation Instructions: Proposers may opt to submit proposals in response to this Program Solicitation via Research.gov or Grants.gov.

  • Full Proposals submitted via Research.gov: Proposals submitted in response to this program solicitation should be prepared and submitted in accordance with the general guidelines contained in the NSF Proposal and Award Policies and Procedures Guide (PAPPG). The complete text of the PAPPG is available electronically on the NSF website at: https://www.nsf.gov/publications/pub_summ.jsp?ods_key=pappg. Paper copies of the PAPPG may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-8134 or by e-mail from nsfpubs@nsf.gov. The Prepare New Proposal setup will prompt you for the program solicitation number.
  • Full proposals submitted via Grants.gov: Proposals submitted in response to this program solicitation via Grants.gov should be prepared and submitted in accordance with the NSF Grants.gov Application Guide: A Guide for the Preparation and Submission of NSF Applications via Grants.gov. The complete text of the NSF Grants.gov Application Guide is available on the Grants.gov website and on the NSF website at: https://www.nsf.gov/publications/pub_summ.jsp?ods_key=grantsgovguide. To obtain copies of the Application Guide and Application Forms Package, click on the Apply tab on the Grants.gov site, then click on the Apply Step 1: Download a Grant Application Package and Application Instructions link, enter the funding opportunity number (the program solicitation number without the NSF prefix), and press the Download Package button. Paper copies of the Grants.gov Application Guide also may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-8134 or by e-mail from nsfpubs@nsf.gov.

See PAPPG Chapter II.D.2 for guidance on the required sections of a full research proposal submitted to NSF. Please note that the proposal preparation instructions provided in this program solicitation may deviate from the PAPPG instructions.

Proposal Preparation Instructions: Proposers should submit proposals in response to this Program Solicitation via Research.gov.

IMPORTANT: Institutions submitting proposals to this solicitation must have an active UEI (Unique Entity Identifier) through SAM.gov. Please note: Registration through SAM.gov can take several weeks.

Collaborative Proposals. If a proposal involves multiple organizations, it must be submitted as a single proposal with sub-awards; separately submitted collaborative proposals ("linked collaboratives") are not permitted.

The following instructions supplement guidelines in the PAPPG and the NSF Grants.gov Application guide.

Title. Proposal titles must begin with "NSF Safe-OSE" followed by a colon (":"), and then the title of the project. For example, a proposal could have a title of the form NSF Safe-OSE: Title.

Project Summary. The last line of the Project Summary must have a prioritized list of 2-5 keywords that best characterize the technical field and impact area in which the OSE operates. The keywords must be words (or phrases) that describe the primary impact area for the OSE – e.g., "Climate Change", or "Artificial Intelligence", or "Healthcare", etc. The list should start with "Keywords:" followed by a list of keywords separated by semi-colons (";").

Project Description. Invited proposers should include a Project Description of up to fifteen (15) pages that addresses the following:

  1. Describe the current status of the targeted OSE and provide pointers to the OSE managing organization and the public repositories for the open-source product. As the PAPPG does not permit URLs in the Project Description, use the References Cited section of the proposal to identify the appropriate resources.
  2. Describe the national/societal/economic impacts of the OSE. This program will prioritize funding for OSEs where safety/security/privacy improvements will have demonstrable benefits to society and/or the economy and/or contributions to national infrastructure with respect to societal and/or economic safety, security, and privacy. Describe, where appropriate, what other products depend upon the safe, secure, and privacy-preserving function of the OSE.
  3. Articulate the targeted classes of safety, security, and/or privacy vulnerabilities to be addressed and the broader impacts of addressing them. Discuss, as appropriate, the attack methods being targeted, including technical (e.g., vulnerabilities in code and side-channels potentially disclosing sensitive information) and/or socio-technical (e.g., insider threats, biases, wrong incentives, social engineering, and lack of compliance) methods. Describe any known, prior instances of such attacks, risks, or potential attacks exploiting the targeted vulnerabilities.
  4. Provide a detailed development plan to address these vulnerabilities. The plan should include key milestones with separate subsections pertaining to the first year and the second year of the award period. For software-focused OSEs, describe, as appropriate, any important technical considerations such as the use of memory-safe languages and/or software bills of materials.
  5. Describe an evaluation plan to assess the efficacy of the proposed work and the achievement of key milestones. The plan should include metrics for measuring success and any tools or benchmarks (if applicable) to be used during the evaluation. Ideally, the evaluation plan will include testing/validation opportunities for existing users.
  6. Provide information to substantiate compliance with the eligibility requirements (See Section IV above).

Budget and Budget Justification. Proposal budgets should comply with the following guidelines: The maximum budget shown on the Cover Sheet and on the budget must not exceed $1,500,000, with no more than $500,000 budgeted for the first year of the proposal. Proposals with budgets in excess of these limits will be returned without review.

  1. Senior/Key Personnel (Line A) and Other Personnel (Line B)

    1. IHEs; State and Local Governments (see the solicitation for eligibility details)

      1. For existing employees: Personnel on budget lines A and B may request salary support at a rate up to their current salary rate. The budget justification should include a statement for each person affirming that the requested salary rate is no greater than the current salary rate for the person.
      2. For new employees: Salary rates must be consistent with the established, written policies of the organization.
    2. Non-profit and for-profit organizations: The requested Phase I salary rates for personnel on budget lines A and B should be no greater than the relevant 75th percentile Bureau of Labor Statistics (BLS) rate (https://www.bls.gov/) corresponding to the responsibilities of the position and geographic location where the work will be carried out, and for each employee the budget justification must include a Standard Occupational Classification (SOC) code and a live link to the relevant BLS web page. NSF may question the reasonableness of any personnel salary rates that exceed the relevant 75th percentile BLS rate. Any rates exceeding this level must be strongly justified in the budget justification. Note that NSF does not recognize the C-level roles for the determination of salary rates – the BLS rates must correspond to specific responsibilities.
    3. Note that the normal 2-month per year limit on salary support is not enforced in the Safe-OSE program, but requests for support in excess of 2 months per year will need an explicit justification per PAPPG II.D.2.f.(i)(a).
  2. Use 173.33 hours per month in salary calculations, where appropriate.
  3. All personnel on Lines A and B of the main budget must be employees of the proposing organization.
  4. In the budget justification provide title, salary rate information, time commitment, total requested salary, and a description of responsibilities for the PI and other Senior/Key Personnel (Line A) and for all Other Personnel listed in budget Line B.
  5. The number of calendar months shown in the budget should reflect the number of person-months for which Safe-OSE funding is requested.
  6. Fringe Benefits (Line C): In the Budget Justification provide rate and base information for Fringe Benefits and provide a breakdown of the request for Fringe Benefits funding.
  7. Equipment (line D): Funding requests for equipment are allowed for Safe-OSE proposals if the equipment is specifically necessary for the activities described in the proposal. The budget justification should include a description of the equipment for which funding is requested and an explanation of why the equipment is needed to perform the project. Quotations or other documentation to justify the funding request must be provided and should be uploaded to Other Supplementary Documents (see the guidance below regarding Supplementary Documents).
  8. Travel (Line E): The budget justification must include a description of the proposed travel and an explanation of why it is necessary to perform the project. A detailed breakdown of the funding request must be provided. All travel costs must comply with the applicable federal cost principles. For-profit organizations are subject to 48 CFR 31.205-46, while all other organizations are subject to 2 CFR 200.475. Quotations or estimates in support of the travel funds request must be provided and should be uploaded to Other Supplementary Documents (see the guidance below regarding Supplementary Documents).
  9. Participant Support Costs (Line F): See the current PAPPG for guidance.
  10. Other Direct Costs (Line G):

    Materials and Supplies: In the budget justification include an explanation of the need for the requested materials and supplies. The request must be itemized. For each item provide a description of the item, the quantity, the unit price, and the total cost. A price quote or estimate is required for each different item - actual price quotes or estimates must be provided, rather than web links - and should be uploaded to Other Supplementary Documents (see the guidance below regarding Supplementary Documents).

    Publication Costs/Documentation/Dissemination: A detailed breakdown of the funding request must be provided in the budget justification. Supporting quotes or estimates should be uploaded to Other Supplementary Documents (see the guidance below regarding Supplementary Documents).

    Consultant Services. The budget justification must include the time commitment, consultant rate, a brief description of the consultant responsibilities, and the total funding request for each consultant. For each consultant whose funding across the whole award period will exceed $1,000, a signed letter/statement from the consultant confirming availability, time commitment, role in the project, and the agreed consulting rate must be provided and should be uploaded to Other Supplementary Documents. Note that owners of, or equity holders in, the proposing entity may not also be paid via Safe-OSE funds as consultants, contractors, or under a subaward.

    Computer Services. The budget justification must include a description of the computer services for which funding is requested and why they are needed. Quotations or web-based estimates to support the funding request must be provided and should be uploaded to Other Supplementary Documents.

    Sub-awards. For each sub-award, the budget justification must include a description of the purpose of the sub-award, key tasks to be performed, and the requested funding amount. The following must also be provided:

    1. a letter from the sub-award institution acknowledging the sub-award, to be uploaded to Other Supplementary Documents;
    2. a letter from the PI on the sub-award (the Co-PI), which indicates his/her willingness to collaborate and describes his/her responsibilities and the specific tasks to be accomplished on the project, to be uploaded to Other Supplementary Documents;
    3. The following requirements apply to each sub-award request.
      1. The sub-award budget must include a budget justification that follows the same format as for the main budget.
      2. Each line item of the sub-award budget must be identified by its letter in the sub-award budget justification.
      3. The sub-award co-PI should be identified and listed on Line A (Senior/Key Personnel) of the sub-award budget. Note that owners of, or equity holders in, the proposing entity may not also be paid via Safe-OSE funds under a sub-award.
      4. Equipment (Line D): The purchase of equipment is not allowed on a sub-award budget.
      5. Travel (Line E): Travel costs are allowed on a sub-award budget. The budget justification must include a description of the proposed travel and an explanation of why sub-awardee travel is necessary to perform the project. A detailed breakdown of the funding request must be provided. All travel costs must comply with the applicable federal cost principles. Quotations or estimates in support of the travel funds request must be provided and should be uploaded to Other Supplementary Documents.

    Other. The budget line is typically used for goods and services. The budget justification must include a description of services for which funding is requested. Copies of price quotes, or other supporting documentation to justify the request must be provided and should be uploaded to Other Supplementary Documents.

  11. Indirect Costs (Line I):

    1. If the proposing organization has a current federal Negotiated Indirect Cost Rate Agreement (NICRA) the negotiated rate must be used.
    2. If the proposing organization does not have a NICRA, the organization may elect to use a de minimis rate of up to 15% of modified total direct costs. For further guidance see https://www.nsf.gov/bfa/dias/caar/indirect.jsp.
  12. Fee (Line K): Not applicable.

    Mentoring Plan. NSF requires that each proposal that requests funding to support postdoctoral scholars or graduate students must include a Mentoring Plan. Note that because Safe-OSE awards do not typically support a substantial scientific research component, the inclusion of postdocs and/or graduate students as project personnel will be scrutinized during merit review. Proposers should ensure that the Mentoring Plan contains a clear rationale for inclusion on a Safe-OSE project.

    Data Management and Sharing Plan. In accordance with the guidance in the PAPPG, proposals must include a Data Management and Sharing Plan of no more than two pages. The Data Management and Sharing Plan must be substantive and specific to the application area described in the proposal. In addition to addressing how the project will conform to NSF's policy on the dissemination and sharing of research results, the Data Management and Sharing Plan should address the handling of sensitive data, if it is relevant to the project. If the open-source ecosystem involves the receipt, management, curation, or archiving of sensitive data, the Data Management Plan must discuss the methods of data collection and identification of harms that could arise from its collection or inadvertent dissemination, techniques that will be used to protect the privacy of individuals and organizations associated with the data and plans to request IRB and/or IACUC approval for data collection, aggregation, and analysis if applicable. Methods for providing other users with controlled access to sensitive data, the time period during which sensitive data will be available, and policies for authorizing access to the data and techniques (including security protections) that will be used to prevent the unauthorized dissemination of the data should also be discussed.

    For additional information on the Dissemination and Sharing of Research Results, see: https://www.nsf.gov/bfa/dias/policy/dmp.jsp.

Other Supplementary Documents:

1. Letters of Collaboration (required)

A minimum of three and up to five letters of collaboration from third-party users and/or contributors of the open-source product must be uploaded as Other Supplementary Documents. These letters of collaboration must be from current users or contributors (who are not directly related to the proposing team) of the open-source product that is the subject of the proposed Safe-OSE. Each letter writer should clearly describe how they have contributed and will continue to contribute to the development of the proposed Safe-OSE. If the proposed Safe-OSE will depend on facilities infrastructure provided by the proposing organization or another organization after the conclusion of the award, one letter of collaboration describing the extent and term of this provision should be included. These letters do not have to conform to the standard format specified in the PAPPG. In addition to the above information, each letter of collaboration (not to exceed two pages) must include the name of the letter writer, current affiliations (institution or place of employment), and relationship to the members of the proposing team.

Letters from Federal, State, Local governments or Tribal Nations are welcome. For government users, a point of contact with whom NSF can follow up will suffice in lieu of a letter. In such cases, submit a one-page placeholder with the name, telephone number, email address, job title, and agency name of the government user as a Single Copy Document (instead of Other Supplementary Documents). Include a one paragraph description of the government contact's prior involvement in the OSE, if known.

2. A List of Project Personnel, Collaborators, and Partner Organizations (required)

Provide current, accurate information for all personnel and organizations involved in the project. NSF staff will use this information in the merit review process to manage reviewer selection. The list must include all PIs, co-PIs, Senior/Key Personnel, funded/unfunded consultants, collaborators (including everyone who has provided a letter of collaboration), sub-awardees, postdocs, and project-level advisory committee members.

The list of project personnel, collaborators, and partner organizations should be numbered and include (in this order) Full name, Organization(s), and Role in the project, with each item separated by a semi-colon. Each person listed should start a new numbered line. For example:

  1. Amara Smith; XYZ University; PI
  2. John Rodrigues; University of PQR Non-Profit; Senior/Key Personnel
  3. Jaime Brown; XYZ University; Letter of Collaboration
  4. Bob Adams; ABC Community College; Funded Consultant
  5. Ada White; DEF Corporation; Unfunded Collaborator
  6. Tim Green; ZZZ University; Sub-awardee

3. Documentation for the Budget

All budget related documentation should be uploaded as Other Supplementary Documents. Please ensure that each item of supporting documentation for the budget is clearly identified by the corresponding budget line (e.g., Line G / Materials and Supplies) and a heading that describes the nature of the corresponding document (e.g., "Consultant Letter of Commitment").

Solicitation-Specific Submission Checklist:

To assist proposal preparation, the following checklist is provided as a reminder of some important items that should be checked before submitting a proposal to this solicitation. The proposal will be returned without review if the required item is non-compliant at the submission deadline. Note that these are requirements unique to this solicitation; for other return without review requirements, see the PAPPG.

  • The last line of the Project Summary must consist of the word "Keywords" followed by a colon and between 2-5 keywords separated by semicolons. The keywords must be words (or phrases) that describe the primary impact area for the OSE – e.g., "Climate Change", or "Healthcare", etc.
  • Either the Project Description or the References Cited (or both) must include pointers to the managing organization for the ecosystem and the publicly available repository where the open-source artifact(s) are available.
  • The maximum budget shown on the Cover Sheet and on the budget must not exceed $1,500,000. The detailed budget sheet for Year 1 must not exceed $500,000.
  • A minimum of three and up to five letters of collaboration from third-party contributors or users of the open-source product must be included as Other Supplementary Documents.
  • A Project Personnel, Collaborators and Partner Organizations list must be included as an Other Supplementary Document.

B. Budgetary Information

Cost Sharing:

Inclusion of voluntary committed cost sharing is prohibited.

C. Due Dates

  • Preliminary Proposal Due Date(s) (required) (due by 5 p.m. submitting organization's local time):

         January 14, 2025

         Second Tuesday in January, Annually Thereafter

  • Full Proposal Deadline(s) (due by 5 p.m. submitting organization's local time):

         April 22, 2025

         Fourth Tuesday in April, Annually Thereafter

D. Research.gov/Grants.gov Requirements

For Proposals Submitted Via Research.gov:

To prepare and submit a proposal via Research.gov, see detailed technical instructions available at: https://www.research.gov/research-portal/appmanager/base/desktop?_nfpb=true&_pageLabel=research_node_display&_nodePath=/researchGov/Service/Desktop/ProposalPreparationandSubmission.html. For Research.gov user support, call the Research.gov Help Desk at 1-800-381-1532 or e-mail rgov@nsf.gov. The Research.gov Help Desk answers general technical questions related to the use of the Research.gov system. Specific questions related to this program solicitation should be referred to the NSF program staff contact(s) listed in Section VIII of this funding opportunity.

For Proposals Submitted Via Grants.gov:

Before using Grants.gov for the first time, each organization must register to create an institutional profile. Once registered, the applicant's organization can then apply for any federal grant on the Grants.gov website. Comprehensive information about using Grants.gov is available on the Grants.gov Applicant Resources web page: https://www.grants.gov/applicants. In addition, the NSF Grants.gov Application Guide (see link in Section V.A) provides instructions regarding the technical preparation of proposals via Grants.gov. For Grants.gov user support, contact the Grants.gov Contact Center at 1-800-518-4726 or by email: support@grants.gov. The Grants.gov Contact Center answers general technical questions related to the use of Grants.gov. Specific questions related to this program solicitation should be referred to the NSF program staff contact(s) listed in Section VIII of this solicitation.

Submitting the Proposal: Once all documents have been completed, the Authorized Organizational Representative (AOR) must submit the application to Grants.gov and verify the desired funding opportunity and agency to which the application is submitted. The AOR must then sign and submit the application to Grants.gov. The completed application will be transferred to Research.gov for further processing.

The NSF Grants.gov Proposal Processing in Research.gov informational page provides submission guidance to applicants and links to helpful resources including the NSF Grants.gov Application Guide, Grants.gov Proposal Processing in Research.gov how-to guide, and Grants.gov Submitted Proposals Frequently Asked Questions. Grants.gov proposals must pass all NSF pre-check and post-check validations in order to be accepted by Research.gov at NSF.

When submitting via Grants.gov, NSF strongly recommends applicants initiate proposal submission at least five business days in advance of a deadline to allow adequate time to address NSF compliance errors and resubmissions by 5:00 p.m. submitting organization's local time on the deadline. Please note that some errors cannot be corrected in Grants.gov. Once a proposal passes pre-checks but fails any post-check, an applicant can only correct and submit the in-progress proposal in Research.gov.

Proposers that submitted via Research.gov may use Research.gov to verify the status of their submission to NSF. For proposers that submitted via Grants.gov, until an application has been received and validated by NSF, the Authorized Organizational Representative may check the status of an application on Grants.gov. After proposers have received an e-mail notification from NSF, Research.gov should be used to check the status of an application.

VI. NSF Proposal Processing And Review Procedures

Proposals received by NSF are assigned to the appropriate NSF program for acknowledgment and, if they meet NSF requirements, for review. All proposals are carefully reviewed by a scientist, engineer, or educator serving as an NSF Program Officer, and usually by three to ten other persons outside NSF either as ad hoc reviewers, panelists, or both, who are experts in the particular fields represented by the proposal. These reviewers are selected by Program Officers charged with oversight of the review process. Proposers are invited to suggest names of persons they believe are especially well qualified to review the proposal and/or persons they would prefer not review the proposal. These suggestions may serve as one source in the reviewer selection process at the Program Officer's discretion. Submission of such names, however, is optional. Care is taken to ensure that reviewers have no conflicts of interest with the proposal. In addition, Program Officers may obtain comments from site visits before recommending final action on proposals. Senior NSF staff further review recommendations for awards. A flowchart that depicts the entire NSF proposal and award process (and associated timeline) is included in PAPPG Exhibit III-1.

A comprehensive description of the Foundation's merit review process is available on the NSF website at: https://www.nsf.gov/bfa/dias/policy/merit_review/.

Proposers should also be aware of core strategies that are essential to the fulfillment of NSF's mission, as articulated in Leading the World in Discovery and Innovation, STEM Talent Development and the Delivery of Benefits from Research - NSF Strategic Plan for Fiscal Years (FY) 2022 - 2026. These strategies are integrated in the program planning and implementation process, of which proposal review is one part. NSF's mission is particularly well-implemented through the integration of research and education and broadening participation in NSF programs, projects, and activities.

One of the strategic objectives in support of NSF's mission is to foster integration of research and education through the programs, projects, and activities it supports at academic and research institutions. These institutions must recruit, train, and prepare a diverse STEM workforce to advance the frontiers of science and participate in the U.S. technology-based economy. NSF's contribution to the national innovation ecosystem is to provide cutting-edge research under the guidance of the Nation's most creative scientists and engineers. NSF also supports development of a strong science, technology, engineering, and mathematics (STEM) workforce by investing in building the knowledge that informs improvements in STEM teaching and learning.

NSF's mission calls for the broadening of opportunities and expanding participation of groups, institutions, and geographic regions that are underrepresented in STEM disciplines, which is essential to the health and vitality of science and engineering. NSF is committed to this principle of diversity and deems it central to the programs, projects, and activities it considers and supports.

A. Merit Review Principles and Criteria

The National Science Foundation strives to invest in a robust and diverse portfolio of projects that creates new knowledge and enables breakthroughs in understanding across all areas of science and engineering research and education. To identify which projects to support, NSF relies on a merit review process that incorporates consideration of both the technical aspects of a proposed project and its potential to contribute more broadly to advancing NSF's mission "to promote the progress of science; to advance the national health, prosperity, and welfare; to secure the national defense; and for other purposes." NSF makes every effort to conduct a fair, competitive, transparent merit review process for the selection of projects.

1. Merit Review Principles

These principles are to be given due diligence by PIs and organizations when preparing proposals and managing projects, by reviewers when reading and evaluating proposals, and by NSF program staff when determining whether or not to recommend proposals for funding and while overseeing awards. Given that NSF is the primary federal agency charged with nurturing and supporting excellence in basic research and education, the following three principles apply:

  • All NSF projects should be of the highest quality and have the potential to advance, if not transform, the frontiers of knowledge.
  • NSF projects, in the aggregate, should contribute more broadly to achieving societal goals. These "Broader Impacts" may be accomplished through the research itself, through activities that are directly related to specific research projects, or through activities that are supported by, but are complementary to, the project. The project activities may be based on previously established and/or innovative methods and approaches, but in either case must be well justified.
  • Meaningful assessment and evaluation of NSF funded projects should be based on appropriate metrics, keeping in mind the likely correlation between the effect of broader impacts and the resources provided to implement projects. If the size of the activity is limited, evaluation of that activity in isolation is not likely to be meaningful. Thus, assessing the effectiveness of these activities may best be done at a higher, more aggregated, level than the individual project.

With respect to the third principle, even if assessment of Broader Impacts outcomes for particular projects is done at an aggregated level, PIs are expected to be accountable for carrying out the activities described in the funded project. Thus, individual projects should include clearly stated goals, specific descriptions of the activities that the PI intends to do, and a plan in place to document the outputs of those activities.

These three merit review principles provide the basis for the merit review criteria, as well as a context within which the users of the criteria can better understand their intent.

2. Merit Review Criteria

All NSF proposals are evaluated through use of the two National Science Board approved merit review criteria. In some instances, however, NSF will employ additional criteria as required to highlight the specific objectives of certain programs and activities.

The two merit review criteria are listed below. Both criteria are to be given full consideration during the review and decision-making processes; each criterion is necessary but neither, by itself, is sufficient. Therefore, proposers must fully address both criteria. (PAPPG Chapter II.D.2.d(i) contains additional information for use by proposers in development of the Project Description section of the proposal.) Reviewers are strongly encouraged to review the criteria, including PAPPG Chapter II.D.2.d(i), prior to the review of a proposal.

When evaluating NSF proposals, reviewers will be asked to consider what the proposers want to do, why they want to do it, how they plan to do it, how they will know if they succeed, and what benefits could accrue if the project is successful. These issues apply both to the technical aspects of the proposal and the way in which the project may make broader contributions. To that end, reviewers will be asked to evaluate all proposals against two criteria:

  • Intellectual Merit: The Intellectual Merit criterion encompasses the potential to advance knowledge; and
  • Broader Impacts: The Broader Impacts criterion encompasses the potential to benefit society and contribute to the achievement of specific, desired societal outcomes.

The following elements should be considered in the review for both criteria:

  1. What is the potential for the proposed activity to
    1. Advance knowledge and understanding within its own field or across different fields (Intellectual Merit); and
    2. Benefit society or advance desired societal outcomes (Broader Impacts)?
  2. To what extent do the proposed activities suggest and explore creative, original, or potentially transformative concepts?
  3. Is the plan for carrying out the proposed activities well-reasoned, well-organized, and based on a sound rationale? Does the plan incorporate a mechanism to assess success?
  4. How well qualified is the individual, team, or organization to conduct the proposed activities?
  5. Are there adequate resources available to the PI (either at the home organization or through collaborations) to carry out the proposed activities?

Broader impacts may be accomplished through the research itself, through the activities that are directly related to specific research projects, or through activities that are supported by, but are complementary to, the project. NSF values the advancement of scientific knowledge and activities that contribute to achievement of societally relevant outcomes. Such outcomes include, but are not limited to: full participation of women, persons with disabilities, and other underrepresented groups in science, technology, engineering, and mathematics (STEM); improved STEM education and educator development at any level; increased public scientific literacy and public engagement with science and technology; improved well-being of individuals in society; development of a diverse, globally competitive STEM workforce; increased partnerships between academia, industry, and others; improved national security; increased economic competitiveness of the United States; and enhanced infrastructure for research and education.

Proposers are reminded that reviewers will also be asked to review the Data Management and Sharing Plan and the Mentoring Plan, as appropriate.

Additional Solicitation Specific Review Criteria

Preliminary proposals will be evaluated on the basis of the following solicitation-specific review criteria:

  1. Does the preliminary proposal present a convincing case that the targeted OSE addresses an issue of significant societal or national importance?
  2. Does the preliminary proposal clearly describe the vulnerability landscape for the OSE and its product(s)?
  3. Does the preliminary proposal provide convincing evidence of a robust community of developers and that a substantial user base exists?
  4. Does the preliminary proposal present clear plans for addressing critical vulnerabilities?
  5. Does the proposing team have the required expertise and experience to undertake the activities described in the preliminary proposal?
  6. Will NSF support serve as the critical catalyst for addressing the identified vulnerabilities (i.e., are there other sources of support that the OSE should be using instead of or in addition to NSF funding)?
  7. Does the preliminary proposal include third-party letters of collaboration attesting to the importance of the vulnerabilities to be addressed from the perspective of users?

Full proposals will be evaluated on the basis of the following solicitation-specific review criteria:

  1. Does the proposal present a convincing case that the targeted OSE addresses an issue of significant societal or national importance?
  2. Does the proposal clearly describe the vulnerability landscape for the OSE and its product(s)?
  3. Does the proposal provide convincing evidence of a robust community of developers and that a substantial user base exists?
  4. Does the proposal present clear plans for addressing critical vulnerabilities?
  5. Does the proposal clearly describe a build and test infrastructure, and procedures to address quality control and security of new content?
  6. Does the proposal contain a detailed and achievable list of milestones?
  7. Does the proposal present a specific, actionable evaluation plan?
  8. Does the proposing team have the required expertise and experience to undertake the activities described in the proposal?
  9. Will NSF support serve as the critical catalyst for addressing the identified vulnerabilities (i.e., are there other sources of support that the OSE should be using instead of or in addition to NSF funding)?
  10. Does the proposal include third-party letters of collaboration attesting to the importance of the vulnerabilities to be addressed from the perspective of users?

Reverse Site Visit and/or External Reviews

Proposals may request a maximum duration of two years and up to $1,500,000. The first-year budget may not exceed $500,000. Provision of a cooperative agreement increment of up to $1,000,000 for the second year will be subject to a successful progress evaluation such as a reverse site visit and/or external reviews that assess the following criteria:

  • At least one new, stable, public release of the product addressing a subset of the identified vulnerabilities.
  • Achievement of performance targets agreed upon between NSF and the proposing organization as part of the cooperative agreement.
  • For software-focused products/ecosystems, demonstrable compliance with the "MUST" criteria included in the OpenSSF's passing level of badging for open-source software. For non-software products/ecosystems, the full project proposal should document comparable performance standards for safety, security, and privacy.

The progress evaluation will occur near the end of year one of the award and no later than 15 days prior to the end of year one. Senior/key personnel will prepare briefing material (10 pages or less) describing the project team's accomplishments, make a (virtual) presentation, and address questions from reviewers/site visitors. The purpose of this evaluation process is to assess progress the recipients have made towards addressing identified vulnerabilities, reaching performance targets described in the cooperative agreement, and making appropriate progress towards the project's goals. The reviewers/site visitors will evaluate the team's progress. After considering reviewers' input and based on available funding, NSF will decide if the team will receive funding for the second award year.

B. Review and Selection Process

Proposals submitted in response to this program solicitation will be reviewed by Ad hoc Review and/or Panel Review, Internal NSF Review, or Reverse Site Review.

Preliminary proposals will be reviewed internally. The decision to Invite or Not Invite full proposals is binding.

Full proposals are subject to external merit review. Proposals may be reviewed by panel, ad hoc, or mixed methods.

Reviewers will be asked to evaluate proposals using two National Science Board approved merit review criteria and, if applicable, additional program specific criteria. A summary rating and accompanying narrative will generally be completed and submitted by each reviewer and/or panel. The Program Officer assigned to manage the proposal's review will consider the advice of reviewers and will formulate a recommendation.

After scientific, technical and programmatic review and consideration of appropriate factors, the NSF Program Officer recommends to the cognizant Division Director whether the proposal should be declined or recommended for award. NSF strives to be able to tell proposers whether their proposals have been declined or recommended for funding within six months. Large or particularly complex proposals or proposals from new recipients may require additional review and processing time. The time interval begins on the deadline or target date, or receipt date, whichever is later. The interval ends when the Division Director acts upon the Program Officer's recommendation.

After programmatic approval has been obtained, the proposals recommended for funding will be forwarded to the Division of Grants and Agreements or the Division of Acquisition and Cooperative Support for review of business, financial, and policy implications. After an administrative review has occurred, Grants and Agreements Officers perform the processing and issuance of a grant or other agreement. Proposers are cautioned that only a Grants and Agreements Officer may make commitments, obligations or awards on behalf of NSF or authorize the expenditure of funds. No commitment on the part of NSF should be inferred from technical or budgetary discussions with an NSF Program Officer. A Principal Investigator or organization that makes financial or personnel commitments in the absence of a grant or cooperative agreement signed by the NSF Grants and Agreements Officer does so at their own risk.

Once an award or declination decision has been made, Principal Investigators are provided feedback about their proposals. In all cases, reviews are treated as confidential documents. Verbatim copies of reviews, excluding the names of the reviewers or any reviewer-identifying information, are sent to the Principal Investigator/Project Director by the Program Officer. In addition, the proposer will receive an explanation of the decision to award or decline funding.

VII. Award Administration Information

A. Notification of the Award

Notification of the award is made to the submitting organization by an NSF Grants and Agreements Officer. Organizations whose proposals are declined will be advised as promptly as possible by the cognizant NSF Program administering the program. Verbatim copies of reviews, not including the identity of the reviewer, will be provided automatically to the Principal Investigator. (See Section VI.B. for additional information on the review process.)

B. Award Conditions

An NSF award consists of: (1) the award notice, which includes any special provisions applicable to the award and any numbered amendments thereto; (2) the budget, which indicates the amounts, by categories of expense, on which NSF has based its support (or otherwise communicates any specific approvals or disapprovals of proposed expenditures); (3) the proposal referenced in the award notice; (4) the applicable award conditions, such as Grant General Conditions (GC-1)*; or Research Terms and Conditions* and (5) any announcement or other NSF issuance that may be incorporated by reference in the award notice. Cooperative agreements also are administered in accordance with NSF Cooperative Agreement Financial and Administrative Terms and Conditions (CA-FATC) and the applicable Programmatic Terms and Conditions. NSF awards are electronically signed by an NSF Grants and Agreements Officer and transmitted electronically to the organization via e-mail.

*These documents may be accessed electronically on NSF's Website at https://www.nsf.gov/awards/managing/award_conditions.jsp?org=NSF. Paper copies may be obtained from the NSF Publications Clearinghouse, telephone (703) 292-8134 or by e-mail from nsfpubs@nsf.gov.

More comprehensive information on NSF Award Conditions and other important information on the administration of NSF awards is contained in the NSF Proposal & Award Policies & Procedures Guide (PAPPG) Chapter VII, available electronically on the NSF Website at https://www.nsf.gov/publications/pub_summ.jsp?ods_key=pappg.

Administrative and National Policy Requirements

Build America, Buy America

As expressed in Executive Order 14005, Ensuring the Future is Made in All of America by All of America's Workers (86 FR 7475), it is the policy of the executive branch to use terms and conditions of Federal financial assistance awards to maximize, consistent with law, the use of goods, products, and materials produced in, and services offered in, the United States.

Consistent with the requirements of the Build America, Buy America Act (Pub. L. 117-58, Division G, Title IX, Subtitle A, November 15, 2021), no funding made available through this funding opportunity may be obligated for infrastructure projects under an award unless all iron, steel, manufactured products, and construction materials used in the project are produced in the United States. For additional information, visit NSF's Build America, Buy America web page.

Special Award Conditions:

CHIPS and Science Act of 2022

In compliance with the CHIPS and Science Act of 2022, Section 10636 (Person or entity of concern prohibition) (42 U.S.C. 19235): No person published on the list under section 1237(b) of the Strom Thurmond National Defense Authorization Act for Fiscal Year 1999 (Public Law 105-261; 50 U.S.C. 1701 note) or entity identified under section 1260h of the William M. (Mac) Thornberry National Defense Authorization Act for Fiscal Year 2021 (10 U.S.C. 113 note; Public Law 116-283) may receive or participate in any grant, award, program, support, or other activity under the Directorate for Technology, Innovation and Partnerships.

Reverse Site Visit and/or External Reviews

Proposals may request a maximum duration of two years and up to $1,500,000. The first-year budget may not exceed $500,000. Provision of a cooperative agreement increment of up to $1,000,000 for the second year will be subject to a successful progress evaluation such as a reverse site visit and/or external reviews that assess the following criteria:

  • At least one new, stable, public release of the product addressing a subset of the identified vulnerabilities.
  • Achievement of performance targets agreed upon between NSF and the proposing organization as part of the cooperative agreement.
  • For software-focused products/ecosystems, demonstrable compliance with the "MUST" criteria included in the OpenSSF's passing level of badging for open-source software. For non-software products/ecosystems, the full project proposal should document comparable performance standards for safety, security, and privacy.

The progress evaluation will occur near the end of year one of the award and no later than 15 days prior to the end of year one. Senior/key personnel will prepare briefing material (10 pages or less) describing the project team's accomplishments, make a (virtual) presentation, and address questions from reviewers/site visitors. The purpose of this evaluation process is to assess progress the recipients have made towards addressing identified vulnerabilities, reaching performance targets described in the cooperative agreement, and making appropriate progress towards the project's goals. The reviewers/site visitors will evaluate the team's progress. After considering reviewers' input and based on available funding, NSF will decide if the team will receive funding for the second award year.

C. Reporting Requirements

For all multi-year grants (including both standard and continuing grants), the Principal Investigator must submit an annual project report to the cognizant Program Officer no later than 90 days prior to the end of the current budget period. (Some programs or awards require submission of more frequent project reports). No later than 120 days following expiration of a grant, the PI also is required to submit a final annual project report, and a project outcomes report for the general public.

Failure to provide the required annual or final annual project reports, or the project outcomes report, will delay NSF review and processing of any future funding increments as well as any pending proposals for all identified PIs and co-PIs on a given award. PIs should examine the formats of the required reports in advance to assure availability of required data.

PIs are required to use NSF's electronic project-reporting system, available through Research.gov, for preparation and submission of annual and final annual project reports. Such reports provide information on accomplishments, project participants (individual and organizational), publications, and other specific products and impacts of the project. Submission of the report via Research.gov constitutes certification by the PI that the contents of the report are accurate and complete. The project outcomes report also must be prepared and submitted using Research.gov. This report serves as a brief summary, prepared specifically for the public, of the nature and outcomes of the project. This report will be posted on the NSF website exactly as it is submitted by the PI.

More comprehensive information on NSF Reporting Requirements and other important information on the administration of NSF awards is contained in the NSF Proposal & Award Policies & Procedures Guide (PAPPG) Chapter VII, available electronically on the NSF Website at https://www.nsf.gov/publications/pub_summ.jsp?ods_key=pappg.

VIII. Agency Contacts

Please note that the program contact information is current at the time of publishing. See program website for any updates to the points of contact.

General inquiries regarding this program should be made to:

  • Nina Amla, Senior Science Advisor, CISE/OAD, telephone: (703) 292-7991, email: pose@nsf.gov
  • Peter S. Atherton, Program Director, TIP/TI, telephone: (703) 292-8772, email: pose@nsf.gov
  • Daniela A. Oliveira, Program Director, CISE/CNS, telephone: (703) 292-4352, email: pose@nsf.gov
  • Olga Pierrakos, Program Director, EDU/DUE, telephone: (703) 292-7253, email: pose@nsf.gov
  • Jeffrey M. Stanton, Program Director, TIP/TI, telephone: (703) 292-7794, email: pose@nsf.gov
  • Selcuk Uluagac, Program Director, CISE/CNS, telephone: (703) 292-4540, email: pose@nsf.gov

For questions related to the use of NSF systems contact:

  • NSF Help Desk: 1-800-381-1532
  • Research.gov Help Desk e-mail: rgov@nsf.gov

For questions relating to Grants.gov contact:

  • Grants.gov Contact Center: If the Authorized Organizational Representative (AOR) has not received a confirmation message from Grants.gov within 48 hours of submission of application, please contact via telephone: 1-800-518-4726; e-mail: support@grants.gov.

IX. Other Information

The NSF website provides the most comprehensive source of information on NSF Directorates (including contact information), programs and funding opportunities. Use of this website by potential proposers is strongly encouraged. In addition, "NSF Update" is an information-delivery system designed to keep potential proposers and other interested parties apprised of new NSF funding opportunities and publications, important changes in proposal and award policies and procedures, and upcoming NSF Grants Conferences. Subscribers are informed through e-mail or the user's Web browser each time new publications are issued that match their identified interests. "NSF Update" also is available on NSF's website.

Grants.gov provides an additional electronic capability to search for Federal government-wide grant opportunities. NSF funding opportunities may be accessed via this mechanism. Further information on Grants.gov may be obtained at https://www.grants.gov.

About The National Science Foundation

The National Science Foundation (NSF) is an independent Federal agency created by the National Science Foundation Act of 1950, as amended (42 USC 1861-75). The Act states the purpose of the NSF is "to promote the progress of science; [and] to advance the national health, prosperity, and welfare by supporting research and education in all fields of science and engineering."

NSF funds research and education in most fields of science and engineering. It does this through grants and cooperative agreements to more than 2,000 colleges, universities, K-12 school systems, businesses, informal science organizations and other research organizations throughout the US. The Foundation accounts for about one-fourth of Federal support to academic institutions for basic research.

NSF receives approximately 55,000 proposals each year for research, education and training projects, of which approximately 11,000 are funded. In addition, the Foundation receives several thousand applications for graduate and postdoctoral fellowships. The agency operates no laboratories itself but does support National Research Centers, user facilities, certain oceanographic vessels and Arctic and Antarctic research stations. The Foundation also supports cooperative research between universities and industry, US participation in international scientific and engineering efforts, and educational activities at every academic level.

Facilitation Awards for Scientists and Engineers with Disabilities (FASED) provide funding for special assistance or equipment to enable persons with disabilities to work on NSF-supported projects. See the NSF Proposal & Award Policies & Procedures Guide Chapter II.F.7 for instructions regarding preparation of these types of proposals.

The National Science Foundation has Telephonic Device for the Deaf (TDD) and Federal Information Relay Service (FIRS) capabilities that enable individuals with hearing impairments to communicate with the Foundation about NSF programs, employment or general information. TDD may be accessed at (703) 292-5090 and (800) 281-8749, FIRS at (800) 877-8339.

The National Science Foundation Information Center may be reached at (703) 292-5111.

The National Science Foundation promotes and advances scientific progress in the United States by competitively awarding grants and cooperative agreements for research and education in the sciences, mathematics, and engineering.

To get the latest information about program deadlines, to download copies of NSF publications, and to access abstracts of awards, visit the NSF Website at https://www.nsf.gov.

  • Location: 2415 Eisenhower Avenue, Alexandria, VA 22314
  • For General Information (NSF Information Center): (703) 292-5111
  • TDD (for the hearing-impaired): (703) 292-5090
  • To Order Publications or Forms: Send an e-mail to nsfpubs@nsf.gov or telephone (703) 292-8134
  • To Locate NSF Employees: (703) 292-5111

Privacy Act And Public Burden Statements

The information requested on proposal forms and project reports is solicited under the authority of the National Science Foundation Act of 1950, as amended. The information on proposal forms will be used in connection with the selection of qualified proposals; and project reports submitted by proposers will be used for program evaluation and reporting within the Executive Branch and to Congress. The information requested may be disclosed to qualified reviewers and staff assistants as part of the proposal review process; to proposer institutions/grantees to provide or obtain data regarding the proposal review process, award decisions, or the administration of awards; to government contractors, experts, volunteers and researchers and educators as necessary to complete assigned work; to other government agencies or other entities needing information regarding proposers or nominees as part of a joint application review process, or in order to coordinate programs or policy; and to another Federal agency, court, or party in a court or Federal administrative proceeding if the government is a party. Information about Principal Investigators may be added to the Reviewer file and used to select potential candidates to serve as peer reviewers or advisory committee members. See System of Record Notices, NSF-50, "Principal Investigator/Proposal File and Associated Records," and NSF-51, "Reviewer/Proposal File and Associated Records." Submission of the information is voluntary. Failure to provide full and complete information, however, may reduce the possibility of receiving an award.

An agency may not conduct or sponsor, and a person is not required to respond to, an information collection unless it displays a valid Office of Management and Budget (OMB) control number. The OMB control number for this collection is 3145-0058. Public reporting burden for this collection of information is estimated to average 120 hours per response, including the time for reviewing instructions. Send comments regarding the burden estimate and any other aspect of this collection of information, including suggestions for reducing this burden, to:

Suzanne H. Plimpton
Reports Clearance Officer
Policy Office, Division of Institution and Award Support
Office of Budget, Finance, and Award Management
National Science Foundation
Alexandria, VA 22314