The NSPM-33 certification clock is running at different speeds depending on which federal agency funds the research. DOE's clock started first. NIH's started in January 2026. NSF's MFA mandate has been live since October 2024. DOD's clock has not started at all. The AE who knows which clock is loudest in the room at a covered institution (those receiving >$50M in annual federal R&D funding) controls the conversation. The AE who leads with a generic compliance pitch gets routed to procurement.
| Agency | Milestone | Date | Status |
|---|---|---|---|
| NSF | MFA for Research.gov | Oct 27, 2024 | Live |
| NSF | Phishing-resistant MFA (admin/financial roles) | Early 2025 | Live |
| DOE | Research security training | May 1, 2025 | Live |
| DOE | Common Forms | Dec 3, 2025 | Live |
| NIH | Common Forms + MFTRP restrictions | Jan 25, 2026 | Live |
| NIH | Research security training | May 25, 2026 | Approaching |
| General | Full RSP certification expectation | End of 2026 | Planning horizon |
| DOD | RSP certification clock | TBD | Not started |
What Has Already Passed
NSF MFA for Research.gov, live since October 27, 2024. NSF required multifactor authentication for all Research.gov users. Phishing-resistant MFA became mandatory for administrative and financial roles in early 2025. InCommon reported 95% institutional compliance within a week of the deadline. If the institution is still using workaround credentials for Research.gov access, that is a live compliance gap. Surface it. The identity infrastructure question here is narrow but revealing: can the institution's IdP signal MFA completion to federated SPs? Shibboleth can, if configured. But the configuration is manual, institution-by-institution, and the REFEDS MFA Profile signaling that would standardize it across the federation is still pending (see confidence label below).
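An SP-side check of the REFEDS MFA Profile signal described above, added here as an example; it is not code from this page or from the Shibboleth project. The sample responses are constructed and unsigned, `idp.example.edu` is a placeholder, and signature validation is assumed to have already happened in the SP's SAML library.

```python
"""SP-side check of the REFEDS MFA Profile signal in a SAML 2.0 response.
Added example, not code from the page or the Shibboleth project. Assumes the SP's
SAML library already validated the signature; only authn context and validity are checked."""
from datetime import datetime, timezone
import xml.etree.ElementTree as ET

REFEDS_MFA = "https://refeds.org/profile/mfa"  # REFEDS MFA Profile class reference
NS = {"samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
      "saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _parse_ts(value: str) -> datetime:
    # SAML timestamps are xsd:dateTime in UTC, e.g. 2026-05-01T12:00:00Z
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def check_mfa_signal(response_xml: str, now: datetime) -> dict:
    """Return the asserted AuthnContextClassRef and whether it is exactly REFEDS MFA."""
    root = ET.fromstring(response_xml)
    assertion = root.find("saml:Assertion", NS)
    if assertion is None:
        return {"ok": False, "reason": "no assertion", "class_ref": None}
    cond = assertion.find("saml:Conditions", NS)
    if cond is not None:  # reject assertions outside their validity window
        nb, noa = cond.get("NotBefore"), cond.get("NotOnOrAfter")
        if nb and now < _parse_ts(nb):
            return {"ok": False, "reason": "not yet valid", "class_ref": None}
        if noa and now >= _parse_ts(noa):
            return {"ok": False, "reason": "expired", "class_ref": None}
    ref = assertion.find(
        "saml:AuthnStatement/saml:AuthnContext/saml:AuthnContextClassRef", NS)
    class_ref = ref.text.strip() if ref is not None and ref.text else None
    # The profile requires the exact URI; a password-only context must be rejected.
    if class_ref != REFEDS_MFA:
        return {"ok": False, "reason": "not REFEDS MFA", "class_ref": class_ref}
    return {"ok": True, "reason": "ok", "class_ref": class_ref}

def _sample_response(class_ref: str) -> str:
    # Constructed, unsigned sample; idp.example.edu is a placeholder issuer.
    return f"""<samlp:Response xmlns:samlp="{NS['samlp']}" xmlns:saml="{NS['saml']}"
    ID="_r1" Version="2.0">
  <saml:Assertion ID="_a1" Version="2.0" IssueInstant="2026-05-01T12:00:00Z">
    <saml:Issuer>https://idp.example.edu/idp/shibboleth</saml:Issuer>
    <saml:Conditions NotBefore="2026-05-01T11:59:00Z" NotOnOrAfter="2026-05-01T12:05:00Z"/>
    <saml:AuthnStatement AuthnInstant="2026-05-01T12:00:00Z">
      <saml:AuthnContext>
        <saml:AuthnContextClassRef>{class_ref}</saml:AuthnContextClassRef>
      </saml:AuthnContext>
    </saml:AuthnStatement>
  </saml:Assertion>
</samlp:Response>"""

MFA_RESPONSE = _sample_response(REFEDS_MFA)
PASSWORD_ONLY_RESPONSE = _sample_response(
    "urn:oasis:names:tc:SAML:2.0:ac:classes:PasswordProtectedTransport")
NOW = datetime(2026, 5, 1, 12, 1, tzinfo=timezone.utc)  # inside the sample window
```

A password-only context is rejected even though the user authenticated, which is the distinction an SP relying on the REFEDS signal has to make.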
DOE Research Security Training, effective May 1, 2025. All covered individuals on DOE award applications must have completed research security training. DOE also required Common Forms effective December 3, 2025. The training requirement creates a traceable-records obligation: the institution must demonstrate which individuals completed training, which maps directly to identity lifecycle data. If they cannot programmatically identify who is a "covered individual" on a given award, the training compliance record is unreliable. Federation-only architectures hit their first wall here. Shibboleth authenticates users; it does not track role-to-award mappings or training completion status. That data lives in the SIS, the grants management system, and the HR system. Connecting it to identity requires lifecycle management tooling that sits outside the IdP.
NIH Common Forms and MFTRP restrictions, effective January 25, 2026. NIH began requiring Common Forms and Biosketch for applications with due dates on or after January 25, 2026. The Malign Foreign Talent Recruitment Program restriction prohibits covered individuals currently party to MFTRPs from serving as Senior/Key Personnel on the same date. NIH research security training follows for applications submitted on or after May 25, 2026.
The MFTRP restriction carries an identity implication most campus architectures are not built to handle: the institution must be able to identify and verify the foreign engagement status of covered individuals before those individuals appear on award applications. That requires identity attributes most campus directories do not carry. Foreign engagement disclosures live in conflict-of-interest systems, not in LDAP. Connecting disclosure status to the identity layer so it can inform access decisions and application eligibility is an attribute governance problem. Both Shibboleth and Entra require integration with disclosure management workflows that feed attributes back into the IAM layer. Neither provides this natively.
What Is Closing Now
UW-Madison research data environment assessments, underway. UW-Madison began assessing research data environments against 20 cybersecurity controls (15 mapped to NSPM-33, 5 to CMMC Level 1) in October 2025. Phase 1 covered 20 environments with compliance reviews sent in April 2026. Phase 2 (32 PIs, 78 environments) responses were due May 29, 2026; outcomes have not been published as of this writing. The institution's RSP certification target is as soon as July 1, 2026.
UW-Madison is a leading indicator. The control domains in their assessment instrument are access control, identification and authentication, system integrity, awareness and training, and system communications, drawn from the January 2022 NSPM-33 Implementation Guidance and aligned with FAR 52.204-21. (Trusted CI's analysis of the 2022 guidance identifies 14 controls; UW-Madison counts 15. The difference appears to reflect counting methodology, not substantive control differences.) The access control and identification/authentication domains are exactly where Shibboleth has no native lifecycle management capability and where Entra's reach weakens outside the Azure ecosystem. Ask the buyer whether they have seen an assessment instrument yet. If they have, they are already thinking about gaps. If they have not, UW-Madison's timeline tells them what is coming.
General full-compliance expectation, end of 2026. Agencies that submitted implementation plans by the January 9, 2025 OSTP deadline received approval on varying timelines. The July 2024 OSTP guidelines establish that covered institutions have no more than 18 months from each agency's policy effective date to certify RSP compliance. (The COGR overview and Mondaq's March 2026 analysis provide the clearest public articulations of this staggered calculation; the specific agency approval dates that start each clock are not uniformly published.) The practical effect: every covered institution should be treating end of 2026 as the planning horizon for most agency clocks.
DOD, clock not yet started. IARPA's current guidance states explicitly:
"Since the RSP certification deadline has yet to be finalized, IARPA will accept proposals from covered institutions in the process of implementing RSPs." — IARPA
DOD has published a research security decision matrix (updated May 2025) and required training, but has not triggered the 18-month institutional certification clock. NASA has published no NSPM-33-specific implementation timeline in primary sources reviewed as of this writing.
If DOD dominates the institution's portfolio, the compliance urgency is lower. The preparation argument still holds, but do not manufacture a deadline that does not exist. If DOE or NIH dominates, the window is closing now.
The Identity Controls NSPM-33 Actually Requires
The 2022 Implementation Guidance identifies 14 cybersecurity controls, per Trusted CI's analysis. Twelve overlap with FAR 52.204-21's 15 basic safeguarding controls. The July 2024 OSTP guidelines deferred the formal cybersecurity standard to a pending NIST resource (NIST IR 8481), which remains unfinalized. Most institutions are treating the 2022 list as the operative baseline.
Four of the 14 controls land directly on identity infrastructure:
Access Control (CMMC 3.1.1, 3.1.2). Limit system access to authorized users. Limit access to the types of transactions those users are permitted to execute. This requires entitlement management: role-based or least-privilege access enforcement for research systems, with demonstrable evidence of who has access to what and why.
Identification and Authentication (CMMC 3.5.1, 3.5.2). Identify system users, processes acting on behalf of users, or devices. Authenticate those identities as a prerequisite to access. Read the language carefully: "processes acting on behalf of users." That is a non-human identity control embedded in a 2022 guidance document. Service accounts, API credentials, and automated processes touching research data environments fall under this requirement. Most campus identity architectures have no inventory of service accounts touching research data environments. When an auditor asks for one, the gap it exposes is one that neither Shibboleth (designed for human, browser-based federation) nor Entra (strongest within Azure-managed identity boundaries) covers natively in multi-cloud research computing contexts.
Awareness and Training. Traceable records of cybersecurity training completion per covered individual. Depends on accurate identity lifecycle data.
Scientific Data Protection. Protection from ransomware and data integrity attacks. Not a direct IAM control, but the access segmentation it implies depends on identity-driven policy enforcement.
The compliance question the institution must answer for an auditor: can we demonstrate that we control who accesses research data environments, that we enforce MFA, that we manage the full lifecycle of those identities including non-human ones, and that we review access entitlements on a defensible schedule?
Structural Limits of Federation-Only and Microsoft-Only Architectures
Both Shibboleth and Entra ID can be supplemented to address NSPM-33 controls. The size of the gap under these timelines is determined by how much each covers natively and by the maturity of the institution's IAM team.
Shibboleth IdP
(Claims grounded in Shibboleth project documentation and InCommon community assessments. Last verified May 2026.)
Shibboleth handles authentication and attribute release to federated service providers. The institution's InCommon participation depends on it. Shibboleth V5 supports SAML 2.0 and OIDC, can signal the REFEDS MFA Profile to downstream SPs when MFA is configured at the IdP level, and supports conditional attribute release per relying party. This is community infrastructure the buyer helped build. Respect that.
What Shibboleth does not do, per its own project documentation:
No automated lifecycle management. Shibboleth does not provision or deprovision user accounts. The SAML JIT model creates accounts at first login but does not revoke them when a researcher leaves an award or departs the institution. Automated deprovisioning requires SCIM or equivalent, which is not native to the Shibboleth IdP.
No access certification or review workflows. No native capability for entitlement audits or certification campaigns. NSPM-33's access control requirements (CMMC 3.1.1, 3.1.2) require demonstrable evidence of access review. A separate identity governance tool is required.
No non-human identity governance. Shibboleth is designed for human user authentication via browser-based federation. Service principals, API credentials, and automated processes are outside its documented scope.
No risk-based conditional access. Shibboleth's policies are attribute-based per SP, not adaptive. It does not evaluate device compliance, session risk, or behavioral signals.
The InCommon Futures2 Strategy Report acknowledged this directly:
"Practitioners and architects struggle to quickly assemble effective solutions and maintain them on their own. These constraints create technical debt and stretch IT departments beyond their means." — InCommon Futures2 Strategy Report
The gap profile is maturity-dependent. A Tier 1 R1 with a dedicated IAM team can assemble the supplementary stack: Shibboleth for federation, a separate IGA tool for lifecycle and governance, Duo or another MFA provider integrated at the IdP, a SIEM for monitoring. That institution's gap is integration complexity and maintenance burden. The capabilities exist somewhere in the stack; keeping them wired together is the cost. A Tier 2 institution with two IAM staff cannot realistically build and maintain that stack before a 2026 certification deadline.
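The lifecycle reconciliation the IdP does not do for you (the award-to-individual and training-record mapping from the DOE training paragraph above, and the JIT-created accounts that are never revoked) as an added example; this is not code from the page or from any vendor, and the rosters, award identifiers and field names are constructed assumptions standing in for exports from the grants, training, HR and IdP systems.

```python
"""Reconcile covered individuals, training records and IdP accounts across systems.
Added example, not code from the page or any vendor. The rosters are constructed
sample exports from the grants, training and HR systems and the IdP's account store;
field names are assumptions."""
from datetime import date

# Constructed: active awards and the covered individuals on each (grants system).
AWARDS = {"DOE-DE-SC-0001": {"pi01", "pd07", "pd09"},
          "NIH-R01-0002": {"pi02", "pd07"}}
# Constructed: research security training completion dates; pd09 has none.
TRAINING = {"pi01": date(2025, 4, 2), "pi02": date(2026, 1, 10), "pd07": date(2025, 6, 30)}
# Constructed: accounts created by the IdP's JIT flow, with last login.
IDP_ACCOUNTS = {"pi01": date(2026, 5, 20), "pi02": date(2026, 5, 21),
                "pd07": date(2026, 2, 15), "pd09": date(2026, 5, 19),
                "pd04": date(2025, 11, 2)}  # pd04 rolled off an award last year
# Constructed: identities with a current HR appointment.
HR_ACTIVE = {"pi01", "pi02", "pd07", "pd09"}
NIH_TRAINING_DUE = date(2026, 5, 25)  # NIH training applies to applications on/after this date
AS_OF = date(2026, 6, 1)

def training_gaps(awards, training, due):
    """Per award: covered individuals with no training completed on or before `due`."""
    gaps = {}
    for award, people in awards.items():
        missing = sorted(p for p in people if p not in training or training[p] > due)
        if missing:
            gaps[award] = missing
    return gaps

def orphaned_accounts(accounts, awards, hr_active):
    """IdP accounts held by nobody on an active award and nobody in HR: deprovision."""
    covered = set().union(*awards.values())
    return sorted(a for a in accounts if a not in covered and a not in hr_active)

def stale_accounts(accounts, as_of, max_idle_days=90):
    """Accounts idle longer than max_idle_days: candidates for access review."""
    return sorted(a for a, last in accounts.items() if (as_of - last).days > max_idle_days)

def compliance_report(awards=AWARDS, training=TRAINING, accounts=IDP_ACCOUNTS,
                      hr_active=HR_ACTIVE, due=NIH_TRAINING_DUE, as_of=AS_OF):
    """The evidence an auditor asks for: training gaps, orphans and stale accounts."""
    return {"training_gaps": training_gaps(awards, training, due),
            "orphaned": orphaned_accounts(accounts, awards, hr_active),
            "stale": stale_accounts(accounts, as_of)}
```

Note that pd07 shows up as stale but not orphaned: still on two awards, so the answer is a review, not deprovisioning, which is exactly the distinction an IGA tool has to make and an IdP alone cannot.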
Microsoft Entra ID
(Claims verified against Microsoft Entra documentation. Last verified May 2026.)
Entra ID covers lifecycle management, conditional access, MFA, and access reviews within the Microsoft ecosystem. For institutions running M365 and Azure, Entra provides significant NSPM-33 control coverage out of the box. The bundle economics are real and formidable.
The structural limits surface at the edges of the Microsoft ecosystem:
Multi-cloud research computing. R1 research environments routinely span AWS, GCP, and on-premises HPC clusters. Entra's conditional access policies and lifecycle management are strongest within Azure. Cross-cloud identity governance requires supplementation or federation to other providers.
InCommon federation participation. Entra ID can serve as a SAML IdP for InCommon, but federation metadata management, attribute release policies, and REFEDS MFA Profile signaling require configuration work that is not native to the Entra admin experience. Many institutions maintain Shibboleth alongside Entra specifically for federation.
Research-specific NHI patterns. Service accounts for HPC job schedulers, data pipeline automation credentials, and research instrument API keys often live outside Entra's managed identity model, particularly in non-Azure environments.
For a community college consortium running Exchange Online and a handful of SaaS applications, Entra may cover the compliance surface adequately. For an R1 with a multi-cloud research computing environment, Entra covers significant ground but leaves gaps at the research computing perimeter.
REFEDS MFA Profile Enforcement Status
Verify current enforcement status against InCommon announcements before citing in a live conversation. The credibility cost of getting this wrong in front of a campus security team is not recoverable in that deal cycle.
InCommon announced in October 2024 that NSF planned to enforce MFA through InCommon federation based on the REFEDS MFA Profile "in the first half of 2025."
As of June 2026, formal federation-level enforcement does not appear to have been activated. The evidence:
REFEDS launched a working group in April 2025 to update the MFA Profile to add phishing-resistant MFA signaling, which implies that enforcement of the existing profile as a federated signal had not yet been triggered. The REFEDS MFA Profile v2.0 consultation remains open as of late May 2026. InCommon's January 2026 guidance used the framing "don't wait for these changes to become mandatory", which strongly implies they were not yet mandatory at that time.
What IS live: NSF requires MFA for Research.gov access (October 2024). Phishing-resistant MFA is required for administrative/financial roles (early 2025). 95% of InCommon institutions meet the practical requirement.
What is NOT confirmed live: Formal enforcement of REFEDS MFA Profile signaling as a federation-level gate for Research.gov access.
Cite the practical MFA requirement as fact. Flag the REFEDS signaling enforcement as pending. Do not tell a CISO it has been enforced if you cannot confirm it.
Conversational Entry Points by Tier
Tier 1 R1 (>$500M federal R&D, mature IAM team). They have identity infrastructure. The conversation is about whether their assembled stack can produce the compliance evidence an agency reviewer will require: automated access reviews across research data environments, lifecycle audit trails for covered individuals, NHI inventory for service accounts touching controlled data. Lead with UW-Madison's assessment model as a preview. Ask what their access review cadence is for research data environments today.
Tier 2 (>$50M federal R&D, small IAM team). The conversation is about timeline and staffing reality. They likely run Shibboleth for federation and may have Entra for M365. They probably do not have a separate IGA tool. The NSPM-33 controls require capabilities their current stack does not provide natively, and they do not have the staff to build a supplementary integration layer before certification deadlines arrive. Lead with the 18-month certification window. Ask which agencies have started their clock.
Tier 3 (community colleges, primarily teaching, limited federal research). Most are not covered institutions under NSPM-33's $50M threshold. If they participate in consortium research grants with a covered lead institution, the lead institution's RSP requirements may flow down. The conversation is narrow and specific. Do not overplay the compliance urgency.
The deadlines converge on one infrastructure question: can the institution demonstrate, with auditable evidence, that it controls identity across its research data environments? The institutions answering that question in 2026 will answer it with whatever architecture they have in place when the reviewer arrives. Auditors prefer evidence over timelines.
Things to follow up on...
- NIST IR 8481 finalization: The NIST cybersecurity resource that will define the formal standard for NSPM-33 RSP certification remains in draft, and its publication date will start a one-year institutional implementation clock that could shift every timeline in this piece.
- Shibboleth IdP V6.0 roadmap: The Shibboleth Consortium plans IdP V6.0 somewhere in the 2026–2027 timeframe, and the architectural changes it introduces could alter the supplementation calculus for institutions weighing federation-only approaches against NSPM-33 controls.
- Canvas breach identity fallout: The Federal Student Aid office's May 2026 technology security alert explicitly called out SSO connectors and identity providers as rotation targets after the Instructure breach, creating a live conversation opener at any institution running Canvas with federated authentication.
- InCommon Futures2 metrics deadline: InCommon set end-of-2026 targets of 80% of targeted institutions meeting identity requirements and 34% of researchers accessing CADRs with InCommon credentials, and whether those numbers land will signal how much the federation can bear of the NSPM-33 compliance load versus how much falls to institutional IAM stacks.