Skip to Content

Welcome to Supplier Performance Risk System (SPRS)Guiding the DoD in Responsible Acquisition Decisions


SPRS is the Department of Defense’s single, authorized application to retrieve suppliers’s performance information. SPRS is web-enabled enterprise application that gathers, processes, and displays data about the performance of suppliers. The Defense Federal Acquisition Regulation Supplement (DFARS) Subpart 213.1 requires contracting officers to consider this data for supply contracts valued at less than or equal to $1 million

SPRS compiles supplier’s past performance data in areas of product delivery and quality to determine risks and creates a Supplier Risk Score used by procurement specialists. The quality and delivery classifications identified for a supplier in SPRS will be used by the contracting officer to evaluate a supplier’s past performance in conjunction with the supplier’s references (if requested) and other provisions of the solicitation under the past performance evaluation factor.

PKI Required for All SPRS Users

As an Department of Defense (DoD) only application, only users with a PKI Certificate/CAC will be allowed access. All Awardee/Contractors are required to have Public Key Infrastructure (PKI) certificates to log into SPRS. If you do not currently have a PKI certificate please go to the “PKI Information” page for instruction on how to obtain. With current policy, no Federal user will be allowed access, even with CAC availability.


DoD PIV-Auth Certificate

The DoD and DON directed that all applications require the use of strong authentication for access by using only PIV Authentication. By 29 FEB 2020, SPRS is required to be compliant. To ensure you retain access to SPRS, please don't delay in activating your PIV-Auth certificate on your CAC. See Changes to CAC Certificates for details.

As of 31 July 2019, the ID and Email certificates will no longer be accepted and only the PIV_Auth certificate can be used to login to SPRS.

DoD Users: All CAC users that received their card before 24 February 2018 will need to activate the new PIV_Auth certificate. Instructions to activate the certificate or verify that it has been activated can be found on the Navy Infosec Website ( CAC users who received their card after 24 February 2018 should already have this certificate activated and no further action is needed.

Note that this only applies to CAC users. DoD ECA and Federal PIV certificates are unaffected by this change.

Section 2339a (formerly Section 806 List)

SPRS is the host for the Section 2339a List IAW Title 10, United States Code, 2339a as implemented in Under Secretary of Defense for ACQ and SUS memorandum, “Acquisition Workforce Implementation of Enhanced Procedures for Supply Chain Risk Management in Support of Department of Defense Trusted Systems and Networks,” dated December 28, 2018.

User access to SPRS is expanded to all acquisition personnel in the DoD (and federal agencies, if supporting DoD acquisitions) to ensure access to the Section 2339a Class Determinations. The Director, Defense Pricing and Contracting (DPC), ensures that regulations, policies, and guidance are established or updated to reflect this decision.

All procurement officials, regardless of procurement dollar value, shall verify that the award will not involve any entity listed in the Section 2339a List contained in SPRS when acquiring a “covered system” or a “covered item of supply” as defined at DFARS 239.7301.

Tools for Responsible Awards Logo for Supplier Performance Risk System.