Legislation
,
Standards, Regulations & Compliance
House and Senate FY27 Defense Bills Advance CMMC Relief and New AI Mandates
U.S. federal lawmakers aim to bolster security requirements for defense contractors and build new guardrails around the Pentagon’s push to deploy artificial intelligence across military networks through the annual defense policy bill making its way across Capitol Hill.
The House and Senate Armed Services Committees have advanced separate versions of the fiscal year 2027 National Defense Authorization Act, with both bills authorizing $1.15 trillion for national defense and calling for significant cybersecurity reforms across the defense industrial base. Each chamber must pass the draft bills before congressional negotiators can reconcile the two and send a final version to the president’s desk for signature.
The Senate bill includes cybersecurity provisions, such as establishing a grant program to help small businesses and nontraditional defense contractors cover the cost of reaching Cybersecurity Maturity Model Certification Level 2, addressing long-standing industry criticism that certification costs disproportionately affect small and mid-sized contractors grappling with nation-state adversaries.
The Senate measure directs the Pentagon to stand up a department wide system for the deployment of agentic AI systems, to develop a framework for assessing future quantum computing systems and to brief lawmakers on options for countering small drone swarms, according to a committee summary.
The House committee version carries its own CMMC provisions, along with a slate of AI directives. The Chief Digital and Artificial Intelligence Office is tasked with developing an “AI model rapid deployment framework” to authorize and deploy AI models across the Pentagon’s enterprise platforms.
On the defensive side, the House bill would establish a department wide system for reporting, tracking and remediating AI-related incidents and vulnerabilities. A separate provision would also require the Pentagon to set risk-informed rules for autonomous and AI-enabled systems that influence use-of-force decisions.
Both versions of the NDAA back the creation of a U.S.-Israel Defense Technology Cooperation Initiative to expand joint defense technology research, testing and industrial cooperation. An amendment to remove the initiative failed in the House, with Republicans and a majority of Democrats voting it down.
Defense contractors would face firmer CMMC expectations and new AI security obligations from the Pentagon under both versions of the NDAA. Congressional negotiators will need to iron out differences in the House and Senate’s differing approaches to CMMC relief, and the bills’ AI provisions before any of the language becomes law.
The cybersecurity buildup written into both versions of the bill stands in contrast to the budget Congress is weighing for the nation’s lead civilian cyber agency. Military cyber spending has risen steadily in recent years – the Pentagon’s cyberspace request grew from roughly $14.5 billion in fiscal 2025 to about $15.1 billion in fiscal 2026 – even as the Cybersecurity and Infrastructure Security Agency has suffered a bruising year of staffing and budget reductions (see: Congress Proposes Steep Cuts to CISA).
Click Here For The Original Source.
