2021 NDAA Passes Congress with Enough Support for Veto Override
The U.S. Senate passed the FY 2021 National Defense Authorization Act (NDAA), an all-encompassing piece of legislation that introduces provisions related to many agencies and federal employees, with an 84-13 majority. This margin means that even if President Trump vetoes the bill, as he has threatened, there is enough support in Congress to override the veto. After the president vetoes a bill, a 2/3 majority in each chamber can override the veto and make the bill become law. The House of Representatives had already passed the bill with an overwhelming majority of 335-78.
President Trump planned to veto the legislation if it did not repeal the 1996 Telecommunications Act, which shields tech companies from liability from content posted by their users, or if it included requirements to change the names of military bases honoring Confederate figures. Congress did not acquiesce to either demand.
This year’s NDAA includes the Corporate Transparency Act, which requires a report be filed with the Financial Crimes Enforcement Network (FinCen) that identifies each beneficial owner of an applicant forming a reporting company. This provision means that any corporation, Limited Liability Company, or other similar entity that is registered to do business in the U.S. would have to recognize any individual(s) who benefit directly or indirectly from the corporation.
A provision relating to the Federal Risk Authorization Management Program (FedRAMP), a cloud security program ,was left out of the final NDAA. The provision would have required agencies to provide a “presumption of adequacy” to vendors that are already FedRAMP-certified by other agencies, according to Federal News Network. A FNN source claimed that this provision was shot down by Senator Ron Johnson (R-WI), the chairman of the Homeland Security and Governmental Affairs Committee. The anonymous source told Federal News Network, “About six weeks or so ago, Johnson objected to the bill based on process because his committee hadn’t held hearings or voted on the bill. Basically the conferees gave Johnson the veto power to have it struck and he did.”
Two cyber provisions were also cut from Senate-passed NDAA. The House version of the NDAA called for the creation of a cyber-threat collaboration environment with the Department of Defense, the intelligence community, and homeland security in order to “develop an information collaboration environment that enables entities to identify, mitigate and prevent malicious cyber activity.” House Democrats also were pushing to establish an Office of Cyber Engagement of the Department of Veterans Affairs that would address “cyber risks to veterans, share information about such risks and coordinate with other federal agencies.” In both cases, the Senate tossed out the provisions possibly because of the existence of the Cyber Threat Intelligence Integration Center (CTIIC), which already promotes cyber collaboration.
Cybersecurity was an important topic in this year’s NDAA, with over 50 cybersecurity-related provisions included. The bill sets new experience requirements for the director of DHS’ Cybersecurity and Infrastructure Security Agency (CISA). A provision to give CISA more authority to “conduct threat hunting on federal information systems,” and for the agency to “provide services, information technology and sensors to other federal agencies upon request” also made it into the bill. Additionally, the NDAA reestablishes a National Cybersecurity Director in the White House.
The House and Senate both dropped the idea of making regulations less complicated for the general public by excluding a requirement to post a 100-word summary of proposed rules to Regulations.gov. Federal News Network suggests that this provision was excluded because it is similar to the Plan Writing Act of 2010, which requires agencies to simplify the language they use to write federal regulations.
The Senate removed the House’s provision to require more details of major acquisition initiatives from the Department of Homeland Security. Lawmakers also transferred oversight of the service-disabled veteran-owned small business certification requirements to the Small Business Administration from the Department of Veterans Affairs.
Senate Armed Services Committee Chairman Jim Inhofe (R-OK) and Ranking Member Jack Reed (D-RI) expressed their support for the bill and said, “This year’s NDAA will strengthen our national defense now and for years to come. The conference agreement accelerates implementation of the National Defense Strategy, ensuring we not only have the best planes, ships, and tanks, but that our forces are in the right places, at the right time, with the right capabilities. It pushes back on Chinese aggression by establishing the Pacific Deterrence Initiative, and includes numerous policies to counter Russia and other potential adversaries. The bill directs investments to encourage innovation and develop the groundbreaking technology that will keep our children’s children safe.”
