CMMC GLOSSARY // SPRS

What is SPRS?

SPRS stands for Supplier Performance Risk System. SPRS is the DoD system where contractors post their NIST 800-171 self-assessment score and, under CMMC, their certification status and affirmations.

The Supplier Performance Risk System (SPRS) is the government database contracting officers check to confirm a contractor's cybersecurity posture. A NIST 800-171 self-assessment score has been required in SPRS since DFARS 252.204-7019/7020 took effect in November 2020.

Under CMMC, SPRS also holds your certification status and the annual senior-official affirmation. On November 10, 2026, a current Level 2 certification and affirmation in SPRS becomes a condition of award for new CUI solicitations.

A SPRS score is a signed federal representation. The 2026 LOGZONE False Claims Act settlement — a self-reported 110 against a DIBCAC-assessed −170 — established that an inflated SPRS score can be treated as fraud, even without a breach.

FROM TERMS TO READINESS

See where you actually stand on the 110 controls.

PolicyCortex maps your live cloud against every NIST 800-171 control and generates C3PAO-ready evidence. Start with the free assessment.

SYS: ONLINE
FOCUSCMMC L2 / L3
BUILD0aed52
CMMC DEADLINET-d
©2026 POLICYCORTEX, INC.