Providing for congressional disapproval under chapter 8 of title 5, United States Code, of the rule submitted by the Department of Defense relating to "Cybersecurity Maturity Model Certification (CMMC) Program".

This joint resolution nullifies the Department of Defense (DOD) rule titled Cybersecurity Maturity Model Certification (CMMC) Program (89 Fed. Reg. 83092) and published on October 15, 2024. Among other elements, the rule establishes the Cybersecurity Maturity Model Certification Program. The program institutes policies regarding the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is processed, stored, or transmitted on defense contractor and subcontractor information systems during defense contract performance. The rule also identifies entities to which the rule applies and describes DOD implementation of the program.

Source: Congressional Research Service (CRS).