NIST 800-171 SPRS Score Calculator

DoD Assessment Methodology Scorer & POA&M Generator

Current SPRS Score

Starts at 110. Controls marked "Not Met" or "Partially Met" deduct points based on their assigned weight (1, 3, or 5). Max penalty limits score to -203.

110 Points
110 Controls Met
0 Partially Met
0 Not Met

System Self-Tests

Tests not run yet.

About the NIST 800-171 SPRS Score Calculator

Defense contractors and subcontractors can accurately calculate their NIST SP 800-171 Supplier Performance Risk System (SPRS) score to meet DoD requirements. By evaluating implementation status across all 110 security controls, you can instantly determine your baseline score from a maximum of 110, identify weighted point deductions for gaps, and generate actionable data for your Plan of Action and Milestones (POA&M).

How it works

  1. Select the implementation status (Implemented, Not Implemented, or N/A) for each of the 110 security requirements.
  2. Review the automatically calculated SPRS score based on standard DoD scoring methodology.
  3. Identify controls with the highest point deductions (1, 3, or 5 points) to prioritize remediation efforts.
  4. Export the gap analysis data to support your System Security Plan (SSP) and POA&M documentation.

Frequently asked questions

How does the SPRS scoring methodology work?

The scoring system starts at a maximum of 110 points. Unimplemented controls result in specific weighted deductions of 1, 3, or 5 points based on their criticality, meaning your total score can be negative.

What is the lowest possible SPRS score?

If no controls are implemented, the maximum negative score is -203. A perfect score of 110 indicates full compliance with all requirements.

Can a requirement be marked as Not Applicable (N/A)?

Yes, but only if the specific requirement fundamentally does not apply to your system environment. N/A controls do not result in a point deduction, but they must be thoroughly justified in your System Security Plan.

Do I need an SPRS score for CMMC Level 2?

Yes. Calculating and submitting your NIST 800-171 SPRS score is a foundational, mandatory step for DoD contractors preparing for Cybersecurity Maturity Model Certification (CMMC) Level 2 assessments.

References