H.J.Res.40 - Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Department of Defense relating to Cybersecurity Maturity Model Certification (CMMC) Program. (119th Congress)
Summary
H.J. Res. 40 is a joint resolution introduced in the House of Representatives aiming to disapprove a rule submitted by the Department of Defense (DoD) regarding the Cybersecurity Maturity Model Certification (CMMC) Program. The resolution invokes chapter 8 of title 5, United States Code, which provides a mechanism for Congress to review and potentially overturn agency regulations.
The CMMC program, as referenced in the document (89 Fed. Reg. 83092 (October 15, 2024)), is intended to enhance cybersecurity standards within the defense industrial base. The resolution seeks to nullify this rule, preventing it from taking effect.
The resolution was submitted by Mr. Clyde and referred to the Committee on Armed Services.
Expected Effects
If the resolution is passed by both the House and the Senate, and not vetoed by the President, the Department of Defense's rule regarding the CMMC program will be invalidated.
This would mean that the cybersecurity standards and certification processes outlined in the disapproved rule would not be enforced. The immediate effect would be to halt the implementation of the specific CMMC framework detailed in the rule.
Potential Benefits
- Potentially reduces compliance costs for defense contractors, especially small businesses, if the CMMC requirements are deemed overly burdensome.
- May allow for a re-evaluation of the cybersecurity requirements, potentially leading to a more efficient or effective approach.
- Could prevent the implementation of a flawed or poorly designed cybersecurity program that might hinder innovation or competitiveness.
- Reinforces congressional oversight of executive branch agencies and their rulemaking processes.
- Addresses concerns about the specific CMMC program outlined in the disapproved rule.
Potential Disadvantages
- Could weaken cybersecurity standards within the defense industrial base, making it more vulnerable to cyberattacks.
- May delay the implementation of necessary cybersecurity improvements, leaving sensitive defense information at risk.
- Creates uncertainty for defense contractors who may have already begun preparing for CMMC compliance.
- Potentially undermines the Department of Defense's efforts to protect national security through enhanced cybersecurity.
- Could lead to a fragmented or inconsistent approach to cybersecurity across the defense industrial base.
Most Disadvantaged Areas:
Constitutional Alignment
The resolution aligns with Article I, Section 1 of the US Constitution, which vests all legislative powers in Congress. This includes the power to review and disapprove rules and regulations issued by executive branch agencies.
Chapter 8 of Title 5, United States Code, provides the statutory basis for this congressional review process, often referred to as the Congressional Review Act (CRA). The CRA allows Congress to disapprove agency rules through a joint resolution, which, if passed by both houses and signed by the President (or if a presidential veto is overridden), nullifies the rule.
This process is a check on the power of the executive branch and ensures that agencies are accountable to Congress and the people.
Impact Assessment: Things You Care About ⓘ
This action has been evaluated across 19 key areas that matter to you. Scores range from 1 (highly disadvantageous) to 5 (highly beneficial).