Summary Level Score (SPRS)

What is a Summary Level Score (SPRS)? + How to Calculate it


If you have DFARS clauses 252.204-7019 and 252.204-7020 in your DoD contract, or your prime contractor has those clauses in their contract, you have probably heard about the need to generate a “Summary Level Score” to upload into the Supplier Performance Risk System (SPRS). This blog is intended for companies that need to perform a “Basic Contractor Self-Assessment”.

What is a Summary Level Score?

A summary level score, commonly referred to as the “SPRS score” (pronounced “spurs”), is the result of a NIST SP 800-171 DoD Assessment that is performed in accordance with the NIST SP 800-171 DoD Assessment Methodology, Version 1.2. A summary level score helps identify a contractor's progress towards implementing the NIST SP 800-171 set of security controls. The summary level score, when submitted to the Supplier Performance Risk System (SPRS), provides the DoD with “a strategic assessment of a contractor’s implementation of NIST SP 800-171, a requirement for compliance with DFARS clause 252.204-7012.”
Limiting access to authorized users means that only personnel with a business need are granted access to your system. Only authorized personnel should have user accounts to access your information system resources such as computers, servers, and cloud resources. User accounts should be password protected (we will discuss multi-factor authentication at a later time).

How to Calculate the Summary Level Score Manually

The summary level score needs to be calculated in accordance with the “NIST SP 800-171 DoD Assessment Scoring Template.” The highest score you can achieve is 110. Each NIST SP 800-171 security control has a value associated with it (1, 3, or 5). “The security requirements are weighted based on their effect on the information system and DoD CUI created on or transiting that system.” For each requirement not met, the associated value is subtracted from 110. Calculating the score accurately is tedious and requires a strong understanding of information security and information technology solutions. Calculating the score may also be time-consuming, as it requires that you perform an assessment of your security controls, have a system security plan, and create a plan of action and milestones document.

How to Automatically Calculate the Summary Level Score

Using the Compliance Accelerator app, you simply answer yes or no questions about your security requirements and the app will automatically generate your summary level (SPRS) score. The app will also identify your NIST SP 800-171 implementation gaps and generate gap remediation tasks for you to implement to achieve a perfect score of 110. The app will also automatically generate your plan of action and milestones document as well as update it as you implement your gap remediation tasks. The app also includes a system security plan template for you to fill out. Using the Compliance Accelerator app is the easiest method for you to calculate your score on your own without having to hire an external consultant or bang your head against the wall trying to understand your requirements.
 
 
 
