CICI — Cybersecurity Innovation for Cyberinfrastructure
Funds United States cybersecurity research and infrastructure through the NSF to strengthen resilient digital systems.
The Cybersecurity Innovation for Cyberinfrastructure (CICI) program, issued under solicitation NSF 25-531, funds the development, implementation, and deployment of security solutions that protect the open and trusted cyberinfrastructure underpinning U.S. scientific research and education. The program is administered by NSF's Office of Advanced Cyberinfrastructure under program code 802700 and runs on an annual cycle with the next deadline set for January 20, 2027 — the third Wednesday of January each year. Total program funding ranges from $8 million to $12 million per cycle, supporting 12 to 20 awards.
CICI is structured around four distinct tracks with differentiated scope and award caps, all as 3-year grants. The Usable and Collaborative Security for Science (UCSS) track and the Reliable and Secure Software Development (RSSD) track each cap at $600,000. The Infrastructure Protection and AI-based security for Advanced cyberInfrastructure (IPAAI) track caps at $900,000 and expects four to six awards. The Trusted CI Reference (TCR) track, targeting trusted cyberinfrastructure reference designs, caps at $1,200,000 and expects two to four awards. For-profit companies are not eligible as lead institutions; universities, nonprofit research organizations, and other academic institutions are the expected applicants. Any individual may serve as PI or co-PI on no more than two CICI proposals per deadline — proposals that exceed this limit are returned without review.
Strong proposals identify a concrete security gap in operational research cyberinfrastructure and present a solution deployable by the broader research community rather than a single institution. Submissions proceed through Research.gov or Grants.gov following standard NSF requirements. Teams should confirm track alignment early, as UCSS addresses human-centered security usability, RSSD addresses software security practices, TCR addresses reference implementations, and IPAAI addresses AI-driven infrastructure protection — each with its own review criteria articulated in NSF 25-531.
Cybersecurity tools, practices, and frameworks protecting open research cyberinfrastructure. Tracks: UCSS (usable security), RSSD (software security), TCR (trusted CI reference designs), IPAAI (infrastructure protection and AI-based security).
Sign up free to see the funding breakdown
Sign up free to see the industries in scope
Sign up free to see the full eligibility
Sign up free to see how to apply
Sign up free to see the timeline
Sign up free to see where teams trip up