Congress passes defense policy bill with boosts to R&D and cybersecurity

The legislation includes a few new requirements for the CMMC. Trade groups touted its passage.
U.S. Capitol, Congress
(Getty Images)

Congress has sent President Biden a defense policy bill that would expand research and development budgets and make some changes to IT and cybersecurity policy.

The fiscal 2022 National Defense Authorization Act would allocate $768 billion overall to the national defense budget and mandate several policy changes within the Department of Defense. The president is expected to sign into law before the end of 2021.

The annual legislation was cleared by the Senate 89-10 on Wednesday after passing the House earlier this month in a vote of 363-70.



The noteworthy tech policy provisions include mandates to the Pentagon to review how the Cybersecurity Maturity Model Certification (CMMC) program applies to small businesses and how the DOD improve its communications with industry. The CMMC sets cybersecurity requirements for defense contractors, and smaller companies have expressed concern about the potential difficulty of meeting stringent cyber controls. Recent reports also indicate the DOD lacks effective communication with industry on the CMMC.

The DOD will also need to examine any conflicts in “cyber governance” between the department’s CIO, the head of the Defense Information Systems Agency and U.S. Cyber Command. The Pentagon will need to brief Congress every 30 days on its progress in evaluation, according to the bill text.

Other cyber provisions include a pilot program for the secretary of Defense to work with the director of the civilian Cybersecurity and Infrastructure Security Agency (CISA) and the White House’s national cyber director on agreements with internet companies to thwart cyberattacks.

Emerging tech

The bill would authorize increased funding for research and development, with nearly $117 billion directed to finding new science and tech break throughs. The total represents more than $5 billion above Biden’s requested amount, according to the bill text.


“These provisions support the Defense Department’s continued modernization efforts and, in concert with our highly skilled industrial base, provide the necessary resources for a strong national defense,” the National Defense Industry Association said in a statement.

The DOD’s new AI and Data Accelerator Initiative (ADA) will receive $57 million for experts in data science to embed in combatant commands to quickly tackle tech challenges.

Other trade groups applauded passage of the bill, which they say will increase DOD’s pace of modernization.

“The FY22 NDAA will continue to advance important elements of the Department’s mission, including modernizing its technology and enhancing U.S. leadership in innovation,” Gordon Bitko, ITI’s senior vice president of policy for public sector.

Bitko and others hedged their praise, saying “we encourage them to continue” efforts on improving cybersecurity and other key areas.

Latest Podcasts