As part of its still-evolving Cybersecurity Maturity Model Certification program, the Pentagon wants proof that its vendors are safeguarding sensitive information. A lot of vendors think the CMMC requirements are pretty onerous. As part of the 2021 Defense authorization bill, Congress asked DoD to show some evidence that the Pentagon is meeting the same cybersecurity standards it’s demanding from contractors. The short answer is no. For the longer answer, Joseph Kirshbaum, director for Defense Capability and Management Issues at the Government Accountability Office, spoke to Federal News Network’s Jared Serbu on the Federal Drive with Tom Temin.