Legislative action
House Subcommittee Proposes NDAA Amendment for Clarity on CMMC Accreditation Costs
Rep. Dean Phillips, chairman of the House Small Business Subcommittee on Investigations, Oversight and Regulations, proposed an amendment to the draft fiscal year 2022 National Defense Authorization Act that would provide clarity over the costs needed to comply with the Cybersecurity Maturity Model Certification program.
The amendment would require the Department of Defense to provide Congress with a report detailing how much small businesses will have to shoulder for CMMC, how many companies would be pushed out of the market due to additional costs and how the agency intends to mitigate negative effects, FedScoop reported.
While Phillips acknowledged the importance of ensuring cybersecurity and that defense contractors have to become more resilient and prepared for cyber attacks, he expressed concern about additional burdens brought on by CMMC.
“The CMMC initiative has the potential of driving many small businesses out of the defense industrial base. Therefore, we must get it right,” Phillips said in a statement.
His statements echoed that of small business leaders during a June House Small Business Committee hearing.
Jonathan Williams, a partner at the Washington, D.C.-based law firm PilieroMazza, told lawmakers that small businesses should be excused from complying with higher levels of the CMMC.
He argued that keeping requirements to a bare minimum ensures that organizations have at least the basic cybersecurity protections in place while avoiding significant costs.
The DOD vowed to minimize CMMC accreditation costs for small businesses as part of an ongoing program review.
The internal review, which began in March, caused more uncertainties, with trade associations saying potential changes to the CMMC’s timeline, scope and manner of implementation have affected company budgets, strategic planning and resource allocation.
Category: Cybersecurity