Minimize Risk and protect your most
important assets with alluvionic
- Ensure compliance with DFARS 252.204-7012, DFARS 252.204-7019, and NIST SP 800-171 requirements
- Get third-party NIST SP 800-171 assessments, System Security Plans, and POA&Ms
- Get the information you need to set up and maintain your PIEE and SPRS accounts
Get our SPRS Checklist
Follow our step-by-step guide to
submitting a self-assessment to SPRS.
WHAT IS THE SUPPLIERS PERFORMANCE RISK SYSTEM, AND WHY IS IT IMPORTANT?
WHAT IS THE PROCUREMENT INTEGRATED ENTERPRISE ENVIRONMENT (PIEE) SYSTEM?
CREATING YOUR PIEE ACCOUNT
Compliance with DFARS 252.204-7019 requires the creation of a PIEE account which can be done at https://piee.eb.mil. After you have created and verified this account, you can create a SPRS account. Here is a helpful checklist from the DoD on setting up your PIEE account.
CREATING YOUR SPRS ACCOUNT
In order to create a SPRS account and receive a score of 110, you will need to log in to your PIEE account and provide you company’s name, System Security Plan name, CAGE code, date of self-assessment, self-assessment score, and expected date (withing 365 days). You will also need to provide contact information for the manager of the SPRS account, including their name, email address, and phone number. Here is a helpful checklist from the DoD on setting up your SPRS account.
ABOUT SPRS SCORES
SPRS scores indicate overall compliance and companies can lose either one, three, or five points for partial compliance or non-compliance based on scoring guidelines for each area. Scores range from negative 203 to positive 110. A perfect score of 110 indicates that a company is compliant with the 110 practices within the NIST 800-171 framework. Having a negative score is common among Defense Industrial Base (DIB) contractors and simply means that you will need to identify a plan of action and milestones to remediate areas of partial or non-compliance in order to increase your score. Although there are no set guidelines for updating your score, it should be done at least once a year. Some companies decide to update it each time they become compliant with a new practice and their score changes. It is also suggested that you keep up with your POAMs and make frequent updates.