NIST 800-171 Basic Assessment Reporting To SPRS

Posted by ComplianceForge Support on Nov 12, 2020

For those organizations in scope for NIST 800-171, the self-imposed November 30, 2020 deadline is fast approaching for many subcontractors to submit the results of their “basic assessment” to Supplier Performance Risk System (SPRS). There is a good overview of the process at https://www.cmmcaudit.org/how-to-submit-a-nist-sp-800-171-self-assessment-to-sprs/. In summary, a contractor has to report the following self-assessment results to SPRS:

  1. The name(s) of the System Security Plan (SSP) (this might just be “[project name] SSP”);
  2. CAGE code associated with the contract;
  3. A brief description;
  4. Date of the self-assessment;
  5. The total score (out of 110); and
  6. The projected date that your organization will attain a score of 110.

The CMMC Center of Awesomeness (CMMC-COA) has a free Excel-based tool to help you calculate your “basic assessment” score. It is part of the CMMC-COA spreadsheet that is available at https://www.cmmc-coa.com/