Tier 1 Cyber Arms Customers with OneTrust Vendorpedia to Tackle CMMC Supply Chain Operations

Tier 1 Cyber Arms Customers with OneTrust Vendorpedia to Tackle CMMC Supply Chain Operations

Tier 1 Cyber, an Alexandria, Virginia-based consulting and IT services firm, was founded to bring the expertise gained from protecting the nation’s most vital intelligence and military assets to the commercial sector. The company’s mission is to deliver world-class cybersecurity services to small and mid-size businesses that require advanced data protection.

As a trusted consultancy with 20+ years of team experience supporting clients in implementing, refining, and auditing Defense Federal Acquisition Regulation Supplement (DFARS), National Institute of Standards and Technology (NIST), and related standards, Tier 1 Cyber was tasked with helping clients prepare for the Department of Defense’s (DoD) Cybersecurity Maturity Model Certification (CMMC).

To learn more about how OneTrust Vendorpedia helps with the Department of Defense’s CMMC, visit our frameworks page

Closing Ranks on a New Cybersecurity Standard

The CMMC was created by the DoD because the Pentagon identified the cybersecurity of its supply chain as a risk to the economy and national security. To combat the threat, all companies doing business with the DoD (over 300,000) are required to become CMMC certified.

In order to compete for and win new contracts, our DoD clients must become certified under CMMC. As part of this new requirement, our clients will have to ensure that their supply chain, which includes (1) vendors that support business processes and (2) subcontractors, are all CMMC certified.
Bret Cohen
President and Chief Executive Officer

Before the CMMC goes into effect, the Tier 1 Cyber team is setting up workstreams to ensure their clients have a good a baseline level of risk management and compliance in place.  Tier 1 Cyber quickly realized the need for a technology solution to automate operations and serve as a central repository for client’s supply chain data.

Partnering with OneTrust Vendorpedia on the Front Lines of CMMC

To support their client’s CMMC efforts at scale, Tier 1 Cyber partnered with OneTrust Vendorpedia, using the third-party risk management platform to streamline and automate third-party risk assessment and due diligence.

Vendorpedia allows Tier 1 Cyber, and their clients, to evaluate the cybersecurity preparedness of the supply chain. With Vendorpedia, Tier 1 Cyber is able to evaluate a supplier’s CMMC process and practice maturity, mitigate associated risks, add business context to supplier risks, manage key contract terms, access pre-populated research via Vendorpedia’s Global Risk Exchange, monitor supplier risk and performance, and ultimately save money and reallocate resources.

Tier 1 Cyber leverages Vendorpedia as part of a CMMC evaluation and management program for vendors and subcontractors. Specifically to:

1. Create customized vendor and subcontractor evaluation program for DoD contractor with prioritization of vendors by criticality;

2. Support onsite verification of subcontractor’s compliance with CMMC (the onsite verification is a differentiator and a key element to the verification process);

3. Evaluate vendors, flag any issues, and guide CMMC evaluation of vendors;

4. Report findings and work with DoD contractor, vendors, and subcontractors to remediate any deficiencies; and

5. Grade vendors and subcontractors preparedness against each other and track compliance for DoD contractor so it can rest assured that the vendor is CMMC compliant and can be bid on contracts.

Vendorpedia allows Tier 1 Cyber to independently verify many CMMC compliance requirements without having to perform a full assessment of vendors that support corporate business processes. As such, Vendorpedia increases efficiency, and greatly reduces costs of evaluating the vendors.
Joe Urbaniak
Chief Operating Officer and Chief Information Security Officer

Leveraging an Elite Technology Solution for CMMC and Beyond

Companies are prioritizing the evaluation of their key contractors and looking for tools and programs to independently verify their vendors and subcontractors in an efficient and non-intrusive manner. Combining the Vendorpedia platform with a Tier 1 Cyber CMMC vendor and subcontractor verification program has proved to be an ideal combination to ensure CMMC compliance of the entire supply chain.

As Tier 1 Cyber continues to support CMMC operations, they have their sights set on implementing OneTrust GRC, an integrated risk management solution to identify, track, remediate, and monitor risk across IT infrastructures, vendor relationships and operations for a complete enterprise view of risk across a business’s profile.

Vendorpedia has been a force multiplier for Tier 1 Cyber clients, and to say that it has utility is an understatement. Tier 1 Cyber looks forward to a continued partnership with OneTrust Vendorpedia and will continue to utilize the solution in CMMC client engagements and beyond.
Bret Cohen
President and Chief Executive Officer

To learn more about how OneTrust Vendorpedia helps with the Department of Defense’s CMMC, visit our frameworks page.

Recommended Resources


Despite the rapid evolution of the security community and IT technologies, organizations are using dated methods to assess vendors. As the community continues to evolve the static nature of assessments and manual assessment processes hinder the efficiency and centralization of data gathered, forming the need for exchange communities.  


Exchange communities enable collaboration and information sharing by providing a platform that brings businesses and their third parties together into a single community to share security information and build mutual trust.  


Thousands of organizations and their vendors participate in the exchange to collectively centralize and share critical information about their security, privacy, ethics and compliance, and ESG programs. This community-based approach makes third-party risk easier for everyone involved – both you and your third parties. 


Download our eBook to learn everything you need to know about the value of participating in an exchange community for both customers and vendors. In the eBook, you will explore: 


  • What is the OneTrust Vendorpedia™ Exchange Community?  
  • What are the benefits of a vendor exchange? 
  • How the Vendorpedia Exchange Community can solve key VRM challenges for c customers 
  • How the Vendorpedia Exchange Community can solve key assessment challenges for vendors 
  • The value of shifting away from the static vendor risk assessment model 
  • The role of a vendor exchange in achieving organizational trust 
  • How does the OneTrust Vendorpedia Exchange Community help establish organizational trust? 

Onetrust All Rights Reserved