Description

The Cyber Management Systems NIST 800-171 Self Compliance Solution allows organizations to generate their DoD NIST 800-171 Self Assessment Score for uploading into the Supplier Performance Risk System (SPRS) via the Procurement Integrated Enterprise Environment (PIEE).

• The SPRS NIST 800-171 Self Compliance Solution provides for the assessment of a contractor’s implementation of NIST SP 800-171
  security requirements, as required by DFARS clause 252.204–7012.
• The solution also includes the software with templates that have been modified to generate a technical and professional looking System Security Plan (SSP).

The SPRS NIST 800-171 Self Compliance Solution consists of two (2) major components, 1) Excel spreadsheet, and 2) Customized Opensource Cybersecurity Software (tool).  The Excel spreadsheet enables Security Control Assessors (SCA) and Information System Security Officers (ISSO) to conduct a strategic assessment of a contractor’s implementation of NIST SP 800-171, a requirement for compliance with DFARS clause 252.204-7012. The Customized Opensource Cybersecurity Software (tool) enables ISSO’s and SCA’s to develop, document, and periodically update system security plans (SSP) that describe system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems. The absence of a system security plan would result in a finding that ‘an assessment could not be completed due to incomplete information and noncompliance with DFARS clause 252.204-7012.’