PolicySoupstir the potALPHA

H.J. Res. 40 (119th)Bill Overview
Full Analysis

Disapprove the Department of Defense Cybersecurity Maturity Model Certification…

CRA DisapprovalArmed Forces and National Security|Administrative law and regulatory proceduresArmed Forces and National Security
Sponsor
Andrew S. ClydeR
Cosponsors
Support
Republican
Introduced
Feb 12, 2025
Discussions
0
Bill Text
View ↗
Current stageCommittee

Referred to the House Committee on Armed Services.

Introduced
Committee
Floor
President
Law
Congressional Activities
01 · The brief
Plain-English summaryWhat this bill actually does

This joint resolution invokes the Congressional Review Act to disapprove and nullify the Department of Defense rule on the Cybersecurity Maturity Model Certification (CMMC) Program (89 Fed. Reg. 83092, Oct 15, 2024).

Why people may split

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden

Watch point

Narrow administrative action improves prospects in chamber where rule disapprovals are frequent, but defense and contractor interests could split votes.

This joint resolution invokes the Congressional Review Act to disapprove and nullify the Department of Defense rule on the Cybersecurity Maturity Model Certification (CMMC) Program (89 Fed.

Reg. 83092, Oct 15, 2024).

If enacted, the rule would have no force or effect.

Passage40/100

Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to timing and executive response.

CredibilityPartial

How solid the drafting looks.

Contention70/100

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden

02 · What it does
Full Analysis

Who stands to gain, and who may push back.

Likely benefits vs burdens50% / 50%
Likely helpedLikely burdened

These are examples from the analysis, not a ranked list of the most-affected groups.

Likely helped
  • Potential benefitReduces immediate compliance costs for contractors who would have needed CMMC certification.
  • Potential benefitLowers contracting administrative burden and paperwork associated with certification verification.
  • Potential benefitMay benefit small and mid-size suppliers by avoiding certification-related barriers to bidding.
Likely burdened
  • Potential burdenIncreases risk that inconsistent cybersecurity practices persist across the defense industrial base.
  • Potential burdenRaises the likelihood of data breaches affecting controlled unclassified information handled by contractors.
  • Potential burdenReduces DOD's standardized enforcement mechanism for baseline cybersecurity across suppliers.
03 · Why people split
Full Analysis

Why the argument around this bill splits.

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden
Progressive15%

This persona would likely oppose the resolution.

They view the CMMC rule as a necessary baseline to protect controlled unclassified information and the defense supply chain, and see nullification as weakening cybersecurity protections.

Likely resistant
Centrist50%

This persona would be cautious and mixed.

They see legitimate goals in CMMC but worry about process, costs, and small-business burdens; they would prefer fixing implementation rather than outright nullification.

Split reaction
Conservative80%

This persona would likely support the resolution.

They view the CMMC rule as federal overreach that imposes costly, prescriptive requirements on private contractors and stifles competition and flexibility.

Leans supportive
04 · Can it pass?
Full Analysis

The path through Congress.

Introduced

Reached or meaningfully advanced

Committee

Reached or meaningfully advanced

Floor

Still ahead

President

Still ahead

Law

Still ahead

Passage likelihood40/100

Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to timing and executive response.

Scope and complexity
24%
Scopenarrow
24%
Complexitylow
Why this could stall
  • Absent cost/benefit analysis in bill text
  • Executive-branch position on nullification
05 · Recent votes

Recent votes on the bill.

No vote history yet

The bill has not accumulated any surfaced votes yet.

06 · Go deeper

Go deeper than the headline read.

Included on this page

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden

Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to ti…

Unlocked analysis

Pro readers get the full perspective split, passage barriers, legislative design review, stakeholder impact map, and lens-based policy tradeoff analysis for Disapprove the Department of Defense Cybersecurity Maturity Mo…

Go beyond the headline summary with full stakeholder mapping, legislative design analysis, passage barriers, and lens-by-lens tradeoff breakdowns.

Perspective breakdownsPassage barriersLegislative design reviewStakeholder impact map
Open full analysis