info@ibsscorp.com

301.942.9014
  1. IBSS Home
  2. Insights
  3. Understanding Your SPRS Score: What It Means for DoD Contract Eligibility and CMMC Level 2

301.942.9014

info@ibsscorp.com
  1. IBSS Home
  2. Insights
  3. Understanding Your SPRS Score: What It Means for DoD Contract Eligibility and CMMC Level 2
Understanding Your SPRS Score: What It Means for DoD Contract Eligibility and CMMC Level 2

December 16, 2025

Cybersecurity | Insights
If you’re a defense contractor pursuing CMMC Level 2, entering your score in the Supplier Performance Risk System (SPRS) is a critical requirement tied directly to your contract eligibility.

The Department of Defense (DoD) uses SPRS to evaluate how well contractors are protecting Controlled Unclassified Information (CUI) based on NIST SP 800-171 implementation. Your score can determine whether you can win or renew DoD contracts.

Here’s what you need to know about calculating your SPRS score, submitting it, and how it fits into your CMMC compliance journey.

What Is the SPRS?

The SPRS is the DoD’s central source for supplier and product performance data. For contractors that handle CUI, one of the key elements tracked in SPRS is the self-assessment score against NIST SP 800-171.

Since 2020, DoD contractors have been required to:

  • Perform a Basic Assessment of their implementation of NIST SP 800-171 requirements.
  • Submit the resulting score to SPRS via the Procurement Integrated Enterprise Environment (PIEE) portal.

Why the SPRS Score Matters for CMMC

Your SPRS score is not the same as CMMC certification, but it’s directly connected.

  • CMMC Level 2 is based on the implementation of NIST SP 800-171.
  • Your SPRS score shows your current level of compliance with those 110 requirements.
  • If your score is too low, it may block you from bidding or subcontracting on DoD contracts.

As of 2025, many DoD solicitations already require a submitted SPRS score as a condition of eligibility, especially at Level 2. And when CMMC 2.0 becomes fully enforceable, your SPRS score will remain an important benchmark until you complete a formal assessment.

How the SPRS Score Is Calculated

The SPRS scoring method starts at 110 (the total number of NIST SP 800-171 requirements). Achieving a full 110 on the first attempt is nearly impossible, but it is the overall goal.

For each requirement that is not fully implemented, points are subtracted.

  • Most controls are worth -1 point.
  • Some key controls are weighted more heavily (e.g., -3 or -5 points).
  • The lowest possible score is -203.

There is no partial credit. If a control is not fully and properly implemented, you must deduct the full value. For example, If your organization has implemented 90 of 110 controls, and the remaining 20 are each worth -1 point, your SPRS score would be 90. But if some of the missing controls are weighted more heavily, your score could drop to 80 or lower, even with the same number of gaps. 

How to Improve Your SPRS Score

Improving your SPRS score requires remediating the gaps in your NIST SP 800-171 implementation, and documenting those efforts in your System Security Plan (SSP).

A strong compliance partner like IBSS can help you:

  • Perform a NIST SP 800-171 gap assessment.
  • Create a complete and CMMC-ready SSP and POA&M to assist with remediating any deficiencies.
  • Implement technical and administrative controls.
  • Raise your SPRS score by closing deficiencies.

Your SPRS score is a snapshot of your readiness. If you’re pursuing CMMC Level 2 or even trying to stay eligible for current DoD work, knowing and improving your score is paramount.

Don’t wait for a contract deadline to find out you’re not eligible to bid. Book your CMMC Readiness Call today or send us an email at CMMCC3PAO@ibsscorp.com to start the path toward certification with a team that knows the process inside and out.

About IBSS

Since 1992, IBSS has provided transformational consulting services to the Federal defense, civilian, and commercial sectors. Our services include cybersecurity and enterprise information technology, environmental science and engineering (including oceans, coasts, climate, weather, and satellite), and professional management services.

Our approach is to serve our employees by investing in their growth and development. As a result, our employees bring greater capabilities and provide an exceptional level of service to our clients. In addition to creating career development opportunities for our employees, IBSS is passionate about giving back to the community. We strive to leave something better behind for the next generation. 

We measure our success by the positive impact we have on our employees, clients, partners, and the communities we serve. Our tagline, Powered by Excellence, is a recognition of the employees that make up IBSS and ensures we deliver results with quality, applying industry best practices and certifications. Read more About Us.

Keywords: CMMC, C3PAO, DoD Requirements, NIST SP 800-171, Cybersecurity 

tags: C3PAO |cmmc |cybersecurity |DoD Requirements |NIST SP 800-171

Related

All Insights

Learn more about IBSS

Learn more