Defense suppliers must provide a current (i.e., not older than three years) NIST 800-171 SP assessment uploaded into the Supplier Performance Risk System (SPRS). SPRS is a DoD enterprise application that shows what is considered your supplier risk score. Based on the level of assessment you’re assigned, DoD or its contractors may use your risk profile to consider active and future business opportunities. If your assessment isn’t satisfactory you could risk losing this work along with your ability to respond to active and future RFPs. 

There are three levels of assessment that result in varying degrees of confidence in the resulting score based on the depth of the assessment.

There are certain cases where elevated security concerns may exist.  DoD contractors on these sensitive projects may be more tightly scrutinized as follows:

• Medium Assessment Level – DoD personnel will review the contractor’s system security plan (SSP)
• High Assessment Level – DoD personnel required to conduct their own on-site or virtual assessment.

Getting an assessment or conducting your own can be a daunting task, but luckily there’s help thanks to the New York State Cybersecurity Assistance Cohort and Grant from Mohawk Valley Community College’s (MVCC) Advanced Institute for Manufacturing (AIM) and FuzeHub.

Joining the Cybersecurity Cohort is free, and helps decrease your cybersecurity risk in a multitude of ways:

• Learn how to comply with the DFARS clause that’s based on NIST SP 800-171
• Prepare for Cybersecurity Maturity Model Certification (CMMC)
• Ask questions and get answers from AIM’s Paul LaPorte, a cybersecurity expert
• Network with other members of the DoD supply chain from across New York State
• Find out if you’re eligible to receive 80% of the cost, up to $6,000, for a personalized cybersecurity assessment.