NIST SP 800-171 Information
SPRS provides storage and access to the NIST SP 800-171 assessment scoring information. The NIST SP 800-171 Assessments module contains assessment date, score, scope, plan of action completion date, Included Commercial and Government Entity (CAGE) code(s), System Security Plan (SSP) name, SSP version, SSP date, and confidence level.
To access the NIST SP 800-171 Assessments module users must be registered in the Procurement Integrated Enterprise Environment (PIEE) and be approved for access to SPRS. A “SPRS Cyber Vendor User” role is required for companies to enter/edit basic self-assessment information. If a record header for the Highest Level Owner (HLO) does not exist, one may be created. Once the HLO header has been created, assessments for CAGEs who fall within the HLO hierarchy may be added by selecting the button.
The NIST SP 800-171 Basic Assessment cannot be performed in SPRS, SPRS only stores the results of NIST SP 800-171 Assessments. For preparation information including the assessment methodology refer to the Defense Pricing and Contracting (DPC) Cyber page at Policy – Safeguarding Covered Defense Information and Cyber Incident Reporting. Questions regarding conducting your NIST SP 800-171 assessment should be directed to your Program Office or Contracts representative or the Defense Contract Management Agency (DCMA) general mailbox listed here: DCMA_7012_Assessment_Inquiry@mail.mil.
For commonly asked questions view the NIST SP 800-171 Assessments FAQ page.
Watch NIST SP 800-171 Entry Tutorial
Tools for Responsible Awards