How is DoD Planning to Use the Supplier Performance Risk System (SPRS) and How Does It Effect You?
Defense suppliers must provide a current (i.e., not older than three years) NIST 800-171 SP assessment uploaded into SPRS. SPRS is a DoD enterprise application and will show what is considered your supplier risk. Based on the level of assessment you are assigned, DoD or its contractors, may use your risk profile for active and future business opportunities. You could risk losing this work along with your ability to respond to active and future RFPs.
There are three levels of assessment that result in varying degrees of confidence in the resulting score based on the depth of the assessment.
- Basic assessment is simply a self-assessment performed by the contractor and results in a “low” level of confidence.
- Medium assessment includes a review of the contractor’s system security plan (SSP) by DoD personnel and results in a “medium” level of confidence.
- High assessment includes an on-site or virtual assessment by DoD personnel, and results in a “high” level of confidence
Getting an assessment can be a daunting task, but luckily there’s help thanks to the 2020 Cybersecurity Assistance Cohort and Grant from Mohawk Valley Community College’s (MVCC) Advanced Institute for Manufacturing (AIM) and FuzeHub.
Joining the Cybersecurity Cohort is free, and helps decrease your cybersecurity risk in a multitude of ways:
- Learn how to comply with the DFARS clause that’s based on NIST SP 800-171
- Prepare for Cybersecurity Maturity Model Certification (CMMC)
- Ask questions and get answers from AIM’s Paul LaPorte, a cybersecurity expert
- Network with other members of the DoD supply chain from across New York State
- Find out if you’re eligible to receive 80% of the cost, up to $6,000, for a personalized cybersecurity assessment.
Join No-Cost Cohort
Are You A Manufacturer Looking To Learn More About How You Can Protect Your Business From Cyber Attacks?