- Potential benefitReduces immediate compliance costs for contractors who would have needed CMMC certification.
- Potential benefitLowers contracting administrative burden and paperwork associated with certification verification.
- Potential benefitMay benefit small and mid-size suppliers by avoiding certification-related barriers to bidding.
Disapprove the Department of Defense Cybersecurity Maturity Model Certification…
Referred to the House Committee on Armed Services.
This resolution uses the Congressional Review Act to overturn a recently issued agency rule. If Congress passes this joint resolution and the President signs it (or Congress overrides a veto), the specified Department of Defense rule would be nullified and have no force. The CRA also prevents the Department of Defense from issuing a new rule that is substantially the same unless Congress enacts new legislation. The Senate considers CRA disapproval measures under expedited procedures that limit debate.
The Department of Defense rule titled "Cybersecurity Maturity Model Certification (CMMC) Program" (89 Fed. Reg. 83092 (October 15, 2024)).
Department of Defense (DOD)
Under the CRA, disapproval resolutions are subject to expedited procedures in the Senate that prevent filibusters and require only a simple majority; the measure still must pass both chambers and be presented to the President for signature or veto.
This joint resolution invokes the Congressional Review Act to disapprove and nullify the Department of Defense rule on the Cybersecurity Maturity Model Certification (CMMC) Program (89 Fed.
Reg. 83092, Oct 15, 2024).
If enacted, the rule would have no force or effect.
Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to timing and executive response.
Relative to its intended legislative type, this bill is a narrowly focused Congressional Review Act disapproval that is clear about its target and immediate legal effect. It integrates adequately with the enabling statute and identifies the specific Federal Register citation.
Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden
Who stands to gain, and who may push back.
These are examples from the analysis, not a ranked list of the most-affected groups.
- Potential burdenIncreases risk that inconsistent cybersecurity practices persist across the defense industrial base.
- Potential burdenRaises the likelihood of data breaches affecting controlled unclassified information handled by contractors.
- Potential burdenReduces DOD's standardized enforcement mechanism for baseline cybersecurity across suppliers.
Why the argument around this bill splits.
Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden
This persona would likely oppose the resolution.
They view the CMMC rule as a necessary baseline to protect controlled unclassified information and the defense supply chain, and see nullification as weakening cybersecurity protections.
This persona would be cautious and mixed.
They see legitimate goals in CMMC but worry about process, costs, and small-business burdens; they would prefer fixing implementation rather than outright nullification.
This persona would likely support the resolution.
They view the CMMC rule as federal overreach that imposes costly, prescriptive requirements on private contractors and stifles competition and flexibility.
The path through Congress.
Reached or meaningfully advanced
Reached or meaningfully advanced
Still ahead
Still ahead
Still ahead
Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to timing and executive response.
- Absent cost/benefit analysis in bill text
- Executive-branch position on nullification
Recent votes on the bill.
No vote history yet
The bill has not accumulated any surfaced votes yet.
Go deeper than the headline read.
Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden
Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to ti…
Relative to its intended legislative type, this bill is a narrowly focused Congressional Review Act disapproval that is clear about its target and immediate legal effect. It integrates adequately with the enabling statu…
Go beyond the headline summary with full stakeholder mapping, legislative design analysis, passage barriers, and lens-by-lens tradeoff breakdowns.