The Senate Armed Services Committee has advanced legislation that would set up a grant program for small businesses and nontraditional contractors to cover the costs of Cybersecurity Maturity Model Certification (CMMC) compliance.
The CMMC grant program is included in the full text of the committee’s fiscal 2027 defense authorization bill. The committee released the text after approving the bill in a June 10 closed-door mark up. If passed into law, the provision would require the Defense Department to establish the CMMC grant program by July 1, 2027.
DoD is ramping up CMMC “Level Two” requirements starting this November. Those requirements are expected to apply to tens of thousands of companies. They generally require contractors that are expected to handle sensitive controlled unclassified information (CUI) to have their data security practices evaluated by a CMMC Third-party Assessment Organization (C3PAO).