SPRS Score CalculatorNIST SP 800-171 Rev 2 · DoD Assessment Methodology
0 of 110 marked implemented · 313 points in deductions
-203
Your SPRS score

What's your SPRS score?

Every defense contractor handling Controlled Unclassified Information (CUI) must self-assess against the 110 security requirements of NIST SP 800-171 and report a score to the Department of War's Supplier Performance Risk System (SPRS). Work through the checklist below to calculate yours — scores range from −203 (nothing in place) to +110 (fully implemented).

Scoring follows the NIST SP 800-171 DoD Assessment Methodology (Version 1.2.1). SPRS scoring remains based on 800-171 Revision 2 — the Department of War has not yet adopted Revision 3 for SPRS or CMMC purposes. This tool is a self-assessment aid only; see the disclaimer below.

How it works:
  1. Every requirement starts as Not implemented, so your starting score is −203. Mark each one honestly — a requirement only counts if it is fully implemented and documented in your System Security Plan (SSP).
  2. Each requirement is weighted 1, 3, or 5 points based on its security impact. Unimplemented requirements subtract their weight from 110.
  3. Two requirements (3.5.3 MFA and 3.13.11 FIPS encryption) allow partial credit. Five remote-access/wireless/mobile requirements can be N/A if the capability doesn't exist in your environment.
  4. Your score and top gaps update live. Scroll to the bottom for your summary.

Your results

-203
Significant gaps
⚠ No System Security Plan (3.12.4): without an SSP, a Department of War assessment cannot be completed at all and you cannot legitimately submit a score to SPRS. Make this your first priority.

Highest-value gaps to fix first

You know your gaps — now write them up. The SSP Section Generator turns these requirements into assessor-ready System Security Plan language and draft POA&M entries.

Generate my SSP sections →

Get your free gap report

Want this assessment as a prioritized remediation roadmap — what to fix first, roughly what it takes, and how it affects your score? Enter your email and we'll send your personalized gap report.

🔒 No spam — just your report.