H.J. Res. 40 (119th)Bill Overview

Disapprove the Department of Defense Cybersecurity Maturity Model Certification…

CRA DisapprovalArmed Forces and National Security|Administrative law and regulatory proceduresArmed Forces and National Security
Cosponsors
Support
Republican
Introduced
Feb 12, 2025
Discussions
Bill Text
Current stageCommittee

Referred to the House Committee on Armed Services.

Introduced
Committee
Floor
President
Law
Congressional Activities
01 · The brief
CRA DisapprovalWhat this resolution actually does

This resolution uses the Congressional Review Act to overturn a recently issued agency rule. If Congress passes this joint resolution and the President signs it (or Congress overrides a veto), the specified Department of Defense rule would be nullified and have no force. The CRA also prevents the Department of Defense from issuing a new rule that is substantially the same unless Congress enacts new legislation. The Senate considers CRA disapproval measures under expedited procedures that limit debate.

Rule targeted

The Department of Defense rule titled "Cybersecurity Maturity Model Certification (CMMC) Program" (89 Fed. Reg. 83092 (October 15, 2024)).

Issuing agency

Department of Defense (DOD)

Passage rules

Under the CRA, disapproval resolutions are subject to expedited procedures in the Senate that prevent filibusters and require only a simple majority; the measure still must pass both chambers and be presented to the President for signature or veto.

This joint resolution invokes the Congressional Review Act to disapprove and nullify the Department of Defense rule on the Cybersecurity Maturity Model Certification (CMMC) Program (89 Fed.

Reg. 83092, Oct 15, 2024).

If enacted, the rule would have no force or effect.

Passage40/100

Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to timing and executive response.

CredibilityAligned

Relative to its intended legislative type, this bill is a narrowly focused Congressional Review Act disapproval that is clear about its target and immediate legal effect. It integrates adequately with the enabling statute and identifies the specific Federal Register citation.

Contention70/100

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden

02 · What it does

Who stands to gain, and who may push back.

Likely benefits vs burdens50% / 50%
Likely helpedLikely burdened

These are examples from the analysis, not a ranked list of the most-affected groups.

Likely helped
  • Potential benefitReduces immediate compliance costs for contractors who would have needed CMMC certification.
  • Potential benefitLowers contracting administrative burden and paperwork associated with certification verification.
  • Potential benefitMay benefit small and mid-size suppliers by avoiding certification-related barriers to bidding.
Likely burdened
  • Potential burdenIncreases risk that inconsistent cybersecurity practices persist across the defense industrial base.
  • Potential burdenRaises the likelihood of data breaches affecting controlled unclassified information handled by contractors.
  • Potential burdenReduces DOD's standardized enforcement mechanism for baseline cybersecurity across suppliers.
03 · Why people split

Why the argument around this bill splits.

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden
Progressive15%

This persona would likely oppose the resolution.

They view the CMMC rule as a necessary baseline to protect controlled unclassified information and the defense supply chain, and see nullification as weakening cybersecurity protections.

Likely resistant
Centrist50%

This persona would be cautious and mixed.

They see legitimate goals in CMMC but worry about process, costs, and small-business burdens; they would prefer fixing implementation rather than outright nullification.

Split reaction
Conservative80%

This persona would likely support the resolution.

They view the CMMC rule as federal overreach that imposes costly, prescriptive requirements on private contractors and stifles competition and flexibility.

Leans supportive
04 · Can it pass?

The path through Congress.

Introduced

Reached or meaningfully advanced

Committee

Reached or meaningfully advanced

Floor

Still ahead

President

Still ahead

Law

Still ahead

Passage likelihood40/100

Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to timing and executive response.

Scope and complexity
24%
Scopenarrow
24%
Complexitylow
Why this could stall
  • Absent cost/benefit analysis in bill text
  • Executive-branch position on nullification
05 · Recent votes

Recent votes on the bill.

No vote history yet

The bill has not accumulated any surfaced votes yet.

06 · Go deeper

Go deeper than the headline read.

Included on this page

Liberal emphasizes national-security benefits of CMMC; conservatives emphasize regulatory burden

Very narrow administrative target helps, but stakeholder opposition and typical upper‑chamber barriers reduce odds; outcome sensitive to ti…

Unlocked analysis

Relative to its intended legislative type, this bill is a narrowly focused Congressional Review Act disapproval that is clear about its target and immediate legal effect. It integrates adequately with the enabling statu…

Go beyond the headline summary with full stakeholder mapping, legislative design analysis, passage barriers, and lens-by-lens tradeoff breakdowns.

Perspective breakdownsPassage barriersLegislative design reviewStakeholder impact map
Open full analysis