Globe-America Consulting
SPRS + POA&M
NIST SP 800-171 Rev 2 · DoD Assessment Methodology v1.2.1 · Tier 3
📊

Compliance Foundation Package — SPRS Score Calculator & POA&M Builder

Calculate your official NIST SP 800-171 SPRS score using DoD Assessment Methodology v1.2.1, then automatically generate a Plan of Action & Milestones from your gaps. Both deliverables are required for DFARS compliance and SPRS submission.

Tier 3 — Bronze
GARD™ Phase Mapping
G
Govern the Boundary
A
Align Evidence
R
Reinforce Implementation
D
Defend the Assessment
Globe-America Consulting — Compliance Foundation
SPRS Score Calculator
Calculates your NIST SP 800-171 self-assessment score per the DoD Assessment Methodology v1.2.1. Start at 110 — each unimplemented control subtracts its weighted value (1, 3, or 5 points). No partial credit except for MFA (3.5.3) and FIPS cryptography (3.13.11). Minimum possible score: −203.
🏢 Organization Details
ⓘ CMMC 2.0 — Self-Assessment vs. C3PAO Certification

This calculator generates a DFARS 252.204-7019 / 7020 Basic Assessment score. Under CMMC 2.0, that score is required in SPRS for every contractor handling CUI — but the majority of L2 contracts require a C3PAO-conducted certification assessment, not just self-assessment. Verify your required path in your contract or DD-254 before submitting. POA&M caveats: controls weighted at 5 points are generally NOT POA&M-eligible and must be fully met; POA&M items must be closed within 180 days for conditional certification. Annual senior official affirmation is also required in SPRS regardless of which path applies.

SPRS Score
110
Max: 110  |  Min: −203
Score Range Indicator
−20305588110
No controls assessed yet — score starts at 110
Implemented
0
Not Implemented
0
N/A
0
Points Deducted
0
📋 Your SPRS Assessment Report

Generated from your control responses using DoD Assessment Methodology v1.2.1. Review carefully before submitting to SPRS. Inaccurate scores may expose your organization to False Claims Act liability. After reviewing, switch to the POA&M Builder tab to document remediation plans for all gaps.

Organization
110
SPRS Score
DomainImplementedNot ImplementedN/APoints DeductedDomain Health
📋 How to Submit Your Score to SPRS
1

Ensure Your SSP is Current

Your System Security Plan must be complete and accurately reflect how your organization implements each of the 110 controls before you submit.

2

Document POA&Ms for All Gaps

Switch to the POA&M Builder tab to complete your Plan of Action & Milestones. Required for every unimplemented control per NIST 800-171 requirement 3.12.2.

3

Access the PIEE Portal

Go to piee.eb.mil, log in with your credentials, navigate to SPRS, and select the Cyber vendor role.

4

Submit Your Assessment

Enter your summary score, NIST SP 800-171 Rev 2 standard version, CAGE code(s), assessment date, and expected full compliance date. Score is valid for 3 years per DFARS 7019, but CMMC 2.0 requires an annual senior official affirmation in SPRS regardless.

5

Work Your POA&M and Reassess

As you implement controls, update your score in SPRS. Globe-America assists with POA&M management and quarterly score reviews.

Globe-America Consulting — Compliance Foundation
POA&M Builder
Auto-populated from your SPRS assessment. Every control marked Not Implemented or Partial appears here as a POA&M line item. Add responsible party, target date, and remediation notes. Per NIST SP 800-171 requirement 3.12.2, a POA&M is required for every unimplemented control and must be submitted alongside your SPRS score.
📋
Complete your SPRS assessment first, then return here.
Switch to the SPRS Score Calculator tab and mark any controls as Not Implemented or Partial. Your POA&M will auto-populate from those responses.
Compliance Foundation · Advisory Hours
Discuss Your Score With Your Advisor
Schedule one-on-one time with Eddie White to walk through your SPRS score, validate POA&M priorities, and align remediation sequencing. Session time draws from your retained advisory hours.
Schedule Advisory Time →
This tool calculates a self-assessment SPRS score per the DoD NIST SP 800-171 Assessment Methodology v1.2.1 and NIST SP 800-171 Revision 2. It produces a “Basic” (Low confidence) self-assessment score that has not been validated by DCMA DIBCAC or any third party. Submitting an inaccurate score to SPRS may expose your organization to False Claims Act liability. All control determinations should be based on documented, operationally implemented controls — not policies alone. Globe-America Consulting is a CMMC Registered Practitioner Organization. © 2026 Globe-America Consulting Inc. — Fort Worth, TX.
© 2026 Globe-America Consulting Inc. · Fort Worth, TX · CMMC Registered Practitioner