US
US Federal House Bill HJR40
US Federal 2025-2026 Regular Session
Menu
US

US Federal 2025-2026 Regular Session

US Federal House Bill HJR40

Introduced
2/12/25  

Caption

This joint resolution nullifies the Department of Defense (DOD) rule titled Cybersecurity Maturity Model Certification (CMMC) Program (89 Fed. Reg. 83092) and published on October 15, 2024. Among other elements, the rule establishes the Cybersecurity Maturity Model Certification Program. The program institutes policies regarding the protection of Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) that is processed, stored, or transmitted on defense contractor and subcontractor information systems during defense contract performance. The rule also identifies entities to which the rule applies and describes DOD implementation of the program.

Impact

The passage of HJR40 would prevent the enforcement of the CMMC rule, which may have wide-ranging implications for defense contractors and businesses in the cybersecurity space. Without the CMMC certification requirements, experts suggest that the protection of sensitive defense-related information could be compromised, resulting in increased vulnerability to cyberattacks. The immediate effect on businesses would be the elimination of the compliance burden that CMMC would impose, but in the long term, this might weaken overall cybersecurity governance within the defense sector.

Summary

HJR40 is a joint resolution that seeks to disapprove a rule set forth by the Department of Defense regarding the Cybersecurity Maturity Model Certification (CMMC) Program. This resolution is an expression of Congress's authority to overturn regulations that it deems unnecessary or overreaching. The CMMC program involves a framework intended to enhance cybersecurity standards within the defense industrial base, aimed at protecting sensitive information from cyber threats. However, this resolution will potentially halt its implementation, indicating serious concerns amongst some legislators about the requirements proposed under this program.

Contention

Debate surrounding HJR40 has called attention to the balance between necessary government regulations and undue restrictions on businesses. Proponents of the resolution argue that the CMMC outlines an overly complex and potentially costly set of obligations that may hinder smaller companies’ ability to compete for defense contracts. In contrast, opponents counter that rejecting the CMMC undermines essential measures needed to safeguard national security interests. This legislative maneuver reflects differing views on the role of regulatory oversight in ensuring cybersecurity readiness in critical sectors.

Congress_id

119-HJRES-40

Policy_area

Armed Forces and National Security

Introduced_date

2025-02-12

Latest US HJR40 Activity

View All Events: US 2025-2026 Regular Session HJR40

Companion Bills

No companion bills found.

Previously Filed As

US HB1915

Establishes rules to govern contracts between contractors, subcontractors, and other parties to construction contracts

US HB3166

Establishes rules to govern contracts between contractors, subcontractors, and other parties to construction contracts

US HB1089

Establishes rules to govern contracts between contractors, subcontractors, and other parties to construction contracts

US HJR41

This joint resolution nullifies the rule issued by the Department of Education titled Postsecondary Student Success Grant and published on June 7, 2024. The rule proposes priorities, requirements, and definitions for use in the Postsecondary Student Success Grant program.

US HB872

Federal Contractor Cybersecurity Vulnerability Reduction Act of 2025This bill requires revisions to acquisition regulations related to information systems vulnerabilities for certain federal contractors. The revisions apply to contractors whose contract is at or above the simplified acquisition threshold ($250,000 in most cases) or that use, operate, manage, or maintain a federal information system on behalf of an agency. Under the bill, the Office of Management and Budget must review the Federal Acquisition Regulation (FAR) and recommend updated contract requirements and language for contractor vulnerability disclosure programs. (Such programs establish processes for identifying, reporting, and mitigating information system vulnerabilities discovered by security researchers, software developers, and others.) The recommendations must include requirements to ensure that such contractors implement vulnerability disclosure policies consistent with guidelines from the National Institute of Standards and Technology. The Federal Acquisition Regulation Council must review these recommendations and update the FAR as necessary to incorporate requirements for such contractors to receive information about potential security vulnerabilities in contractor information systems used in performance of contract.The Department of Defense (DOD) must conduct a similar review and update of regulations with respect to the DOD Supplement to the FAR.

US HJR43

This joint resolution nullifies the Environmental Protection Agency rule titled New Source Performance Standards Review for Volatile Organic Liquid Storage Vessels (Including Petroleum Liquid Storage Vessels) (89 Fed. Reg. 83296) and published on October 15, 2024. Among other elements, the rule modifies the new source performance standards for volatile organic liquid storage vessels under the Clean Air Act for sources constructed, modified, or reconstructed after October 4, 2023.

US SJR12

This joint resolution nullifies the Environmental Protection Agency (EPA) rule titled Waste Emissions Charge for Petroleum and Natural Gas Systems: Procedures for Facilitating Compliance, Including Netting and Exemptions and published on November 18, 2024. The rule outlines compliance requirements under the Methane Emissions Reduction Program. Under the program, the EPA collects an annual charge on emissions of methane and other greenhouse gases from entities in the oil and gas sector if their emissions exceed specified waste emissions thresholds.

US SJR19

This joint resolution nullifies the Environmental Protection Agency rule titled Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA) (89 Fed. Reg. 102568) and published on December 17, 2024. Among other elements, the rule prohibits the manufacturing, import, processing, and distribution in commerce of trichloroethylene (TCE) for all uses (including consumer uses), and prohibits the industrial and commercial use of TCE.

US HJR27

This joint resolution nullifies the Environmental Protection Agency rule titled Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA) (89 Fed. Reg. 102568) and published on December 17, 2024. Among other elements, the rule prohibits the manufacturing, import, processing, and distribution in commerce of trichloroethylene (TCE) for all uses (including consumer uses), and prohibits the industrial and commercial use of TCE.

US HJR34

This joint resolution nullifies the Environmental Protection Agency rule titled Trichloroethylene (TCE); Regulation Under the Toxic Substances Control Act (TSCA) (89 Fed. Reg. 102568) and published on December 17, 2024. Among other elements, the rule prohibits the manufacturing, import, processing, and distribution in commerce of trichloroethylene (TCE) for all uses (including consumer uses), and prohibits the industrial and commercial use of TCE.

Similar Bills

No similar bills found.