House Small Business panel leaders seek assessment of Pentagon cyber certification program

By Sara Friedman / September 16, 2021 at 10:56 AM

Leaders from the House Small Business oversight subcommittee are working to get an amendment into the fiscal year 2022 defense authorization bill that would direct the Pentagon to assess the small business impacts of the Defense Department's Cybersecurity Maturity Model Certification program.

The amendment filed by subcommittee Chairman Dean Phillips (D-MN) and Ranking Member Beth Van Duyne (R-TX) addresses the costs small businesses will face to reach compliance with the CMMC program. DOD is rolling out the CMMC program over a five-year period and will require CMMC language in contract solicitations starting Oct. 1, 2026.

The lawmakers are asking for a review in three areas:

  • The estimated costs of complying with each level of the framework.
  • Any decrease in the number of small business concerns that are part of the defense industrial base resulting from the implementation and use of the framework.
  • An explanation of how the Department of Defense will mitigate the negative effects to small business concerns that are part of the defense industrial base resulting from the implementation and use of the framework.

The subcommittee held a hearing with representatives from the small business community on the impacts of the CMMC program in July.

At the time of the hearing, Pentagon spokeswoman Jessica Maxwell told Inside Cybersecurity DOD will "look for avenues in which to reduce the costs to small businesses while keeping the integrity of the cybersecurity requirements" as part of its internal review of the CMMC program.

212672