NIST SP 800-171 Information
SPRS provides storage and access to the NIST SP 800-171 assessment scoring information. The NIST SP 800-171 Assessments module contains assessment date, score, scope, plan of action completion date, Included Commercial and Government Entity (CAGE) code(s), System Security Plan (SSP) name, SSP version, SSP date, and confidence level.
To access the NIST SP 800-171 Assessments module users must be registered in the Procurement Integrated Enterprise Environment (PIEE) and be approved for access to SPRS. A “SPRS Cyber Vendor User” role is required for companies to enter/edit basic self-assessment information.
Assessments may be added for CAGEs who fall within the company hierarchy.
The NIST SP 800-171 Basic Assessment cannot be performed in SPRS, SPRS only stores the results of NIST SP 800-171 Assessments. For preparation information including the assessment methodology refer to the Defense Pricing and Contracting (DPC) Cyber page at Policy – Safeguarding Covered Defense Information and Cyber Incident Reporting . Questions regarding conducting your NIST SP 800-171 assessment should be directed to your Program Office or Contracts representative or the Defense Contract Management Agency (DCMA) general mailbox listed here: DCMA_7012_Assessment_Inquiry@mail.mil .
Reference Materials
For commonly asked questions view the NIST SP 800-171 FAQ section.
NIST SP 800-171
Quick Entry Guide
SPRS Access
Cyber Reports
SPRS Cyber Reports
(CMMC & NIST)
Instructor Led Training
This training will provide step-by-step instructions for the SPRS Cyber Reports (CMMC & NIST). This training is intended for vendors and will cover entering, editing, affirming, and deleting records. Interpreting requirements and conducting the assessments will not be covered.
Watch
Viewing NIST SP 800-171
Assessments
This tutorial describes viewing National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171.
Tools for Responsible Awards
