What is a Summary Level Score (SPRS)? + How to Calculate it
By: Omer Kaan Aslim
October 19, 2021
If you have DFARS clauses 252.204-7019 and 252.204-7020 in your DoD contract, or your prime contractor has those clauses in their contract, you have probably heard about the need to generate a “Summary Level Score” to upload into the Supplier Performance Risk System (SPRS). This blog is intended for companies that need to perform a “Basic Contractor Self-Assessment”.
What is a Summary Level Score?
A summary level score, commonly referred to as the “SPRS score” (pronounced “spurs”), is the result of a NIST SP 800-171 DoD Assessment performed in accordance with the NIST SP 800-171 DoD Assessment Methodology, Version 1.2. A summary level score helps identify a contractor's progress towards implementing the NIST SP 800-171 set of security controls. The summary level score, when submitted to the Supplier Performance Risk System (SPRS), provides the DoD with “a strategic assessment of a contractor’s implementation of NIST SP 800-171, a requirement for compliance with DFARS clause 252.204-7012.”
Limiting access to authorized users means that only personnel with a business need are granted access to your system. Only authorized personnel should have user accounts to access your information system resources such as computers, servers, and cloud resources. User accounts should be password protected (we will discuss multi-factor authentication at a later time).
How to Calculate the Summary Level Score Manually
The summary level score needs to be calculated in accordance with the “NIST SP 800-171 DoD Assessment Scoring Template.” The highest score you can achieve is 110. Each NIST SP 800-171 security control has a value associated with it (1, 3, or 5). “The security requirements are weighted based on their effect on the information system and DoD CUI created on or transiting that system.” For each requirement not met, the associated value is subtracted from 110. Calculating the score accurately is tedious and requires a strong understanding of information security and information technology solutions. Calculating the score may also be time-consuming, as it requires that you perform an assessment of your security controls, have a system security plan, and create a plan of action and milestones document.
How to Automatically Calculate the Summary Level Score
Using the Compliance Accelerator app, you simply answer yes or no questions about your security requirements and the app will automatically generate your summary level (SPRS) score. The app will also identify your NIST SP 800-171 implementation gaps and generate gap remediation tasks for you to implement to achieve a perfect score of 110. The app will also automatically generate your plan of action and milestones document as well as update it as you implement your gap remediation tasks. The app also includes a system security plan template for you to fill out. Using the Compliance Accelerator app is the easiest method for you to calculate your score on your own without having to hire an external consultant or bang your head against the wall trying to understand your requirements.