Know your SPRS score before a prime asks.
Any contractor handling Controlled Unclassified Information has to post a NIST SP 800-171 Basic Assessment score in SPRS — and primes increasingly ask for it before they’ll team. This free estimator walks all 110 controls using the public DoD Assessment Methodology weights so you can see roughly where you stand. No signup, nothing stored.
Walk all 110 controls
Start at 110 — every control implemented — and mark each gap. Your estimated score updates live.
This is an unofficial self-assessment estimate, not an official SPRS score. Weights follow the public NIST SP 800-171 DoD Assessment Methodology (v1.2.1): each unmet control subtracts 5, 3, or 1 from 110. 3.5.3 (MFA) and 3.13.11 (FIPS crypto) offer a partial (−3) state. A few access controls (remote / wireless / mobile) may be scored not-applicable if not permitted in your environment — mark those as implemented. Your real Basic Assessment must be entered in SPRS.
Email me my SPRS estimate + a remediation roadmap
We'll send a copy and, if you want, help you take the next step. No spam.
A positive score with a plan is the goal
The score isn’t pass/fail on its own — context matters. Here’s the honest read.
Full implementation
Every control met. The target every assessment is working toward — and what a closed POA&M should ultimately reach.
On the path
A positive score backed by a real Plan of Action & Milestones (3.12.2) and a System Security Plan (3.12.4) is where most contractors honestly sit. Primes want to see the plan, not just the number.
Material gaps
The high-weight basics (access control, MFA, FIPS crypto, boundary protection) are the fastest points back. That’s exactly where a remediation roadmap starts.