Leaders from the House Small Business oversight subcommittee are working to get an amendment into the fiscal year 2022 defense authorization bill that would direct the Pentagon to assess the small business impacts of the Defense Department's Cybersecurity Maturity Model Certification program.
The amendment filed by subcommittee Chairman Dean Phillips (D-MN) and Ranking Member Beth Van Duyne (R-TX) addresses the costs small businesses will face to reach compliance with the CMMC program. DOD is rolling out the CMMC program over a five-year period and will require CMMC language in contract solicitations starting Oct. 1, 2026.
The lawmakers are asking for a review in three areas:
The subcommittee held a hearing with representatives from the small business community on the impacts of the CMMC program in July.
At the time of the hearing, Pentagon spokeswoman Jessica Maxwell told Inside Cybersecurity DOD will "look for avenues in which to reduce the costs to small businesses while keeping the integrity of the cybersecurity requirements" as part of its internal review of the CMMC program.