Answer plain-English questions about how you meet the Access Control and Identification & Authentication requirements of NIST SP 800-171, and this tool assembles assessor-ready SSP narrative language for each one — plus draft POA&M entries for the gaps. It's a starting draft you edit and own, not a substitute for your own assessment.
← Haven't scored yet? Start with the free SPRS calculator
Covers families 3.1 (Access Control, 22 requirements) and 3.5 (Identification & Authentication, 11 requirements). Narrative is written to the NIST SP 800-171A assessment objectives. Self-assessment aid only — see disclaimer.
These fill into every narrative so the output reads like your real system. Leave blanks and we'll use a neutral placeholder you can find-and-replace later.
Pick the honest answer for each. A requirement only counts as implemented if it's fully in place and documented.