1 (2) If the Offeror does not have summary level scores of a current NIST SP 800-171 DoD Assessment (i.e., not more than 3 years old unless a lesser time is specified in the solicitation) posted in SPRS, the Offeror may conduct and submit a Basic Assessment to email@example.com for posting to SPRS in the format identified in paragraph (d) of this provision.
The email below follows the format outlined in 252.204-7019 and is suitable to be copied, pasted into an email and sent as-is once all fields are completed.
SUBJECT: NIST SP 800-171 DoD Assessment –
To Whom It May Concern:
In accordance with Defense Federal Acquisition Regulation Supplement: Assessing Contractor Implementation of Cybersecurity Requirements (85 FR 61505, Case 2019-D041), a basic assessment of the has been conducted by against NIST SP 800-171 Rev 1 utilizing the NIST SP 800-171 DoD Assessment Methodology (rev 1.2.1). The results of this assessment are provided below for inclusion in the Supplier Performance Risk System (SPRS).
|System security plan||CAGE codes supported by this plan||Brief description of the plan architecture||Date of assessment||Total score||Date score of 110 will be achieved|
NIST 800-171 DoD Assessment
Methodology Scoring Tool
As of November 30, 2020, the CMMC Interim Rule (DFARS Case 2019-D041) requires all contractors and subcontractors to maintain a Basic NIST SP 800-171 DoD Assessment using the NIST SP 800-171 DoD Assessment Methodology in the Supplier Performance Risk System (SPRS) prior to contract award.
What you need to do
- Create a NIST 800-171 System Security Plan
- Score the System Security Plan using the DoD Assessment Methodology
- Email the score to the DoD UPDATE (10/6/20)
The Free ComplyUp NIST 800-171 DoD Assessment Methodology Scoring Tool makes this super easy. Just click a box for each requirement, and the tool spits out a customized email ready to be sent to DoD. Once received, DoD will enter your results into the Supplier Performance Risk System. Nothing to it.