Simplifying SPRS Scoring for DoD Contractors

By Ken Satkunam, CISM  ·  President & Founder, NorthStar Technology Group

March 2026  ·  10 min read

What is SPRS Scoring and Why Does it Matter?

The Supplier Performance Risk System (SPRS) is an essential element for DoD contractors handling Controlled Unclassified Information (CUI) and aiming for successful CMMC compliance. SPRS scoring is crucial because it evaluates a contractor’s security posture, impacting your ability to win DoD contracts and safeguarding sensitive data from cybersecurity threats.

Accurate SPRS scores demonstrate adherence to the standards set by the Defense Federal Acquisition Regulation Supplement (DFARS) and associated requirements, reinforcing your credibility as a secure and reliable contractor.

How Do DoD Contractors Calculate Their SPRS Score?

Calculating an SPRS score involves a self-assessment based on NIST SP 800-171 requirements. Your score must be submitted via the DoD CIO portal. Begin by evaluating your compliance with each of the NIST 110 security controls, assessing your organization against the criteria.

You can also take advantage of resources like the Security Check provided by NorthStar Technology Group, and seek guidance for identifying areas needing improvement, ensuring all deficiencies are documented.

What Are Common Mistakes in SPRS Scoring?

One common mistake in SPRS scoring is an inadequate understanding of the NIST SP 800-171 controls resulting in incorrect assessments. Failure to accurately document and report deficiencies can result in lower scores, potentially affecting contract opportunities with the DoD.

Ensure that all assessments and reporting are meticulously documented. Regularly consulting the NIST guidelines and utilizing internal audits can help maintain more accurate scoring.

How Can NorthStar Technology Group Assist in SPRS Scoring?

Navigation through SPRS scoring can be complex, but with NorthStar Technology Group, DoD contractors can streamline compliance efforts. We offer comprehensive services tailored to enhancing your organization's security stance, supported by our expertise in managed IT and CMMC services.

As an industry leader, NorthStar provides specialized assessments and solutions that address the unique challenges faced by defense contractors. Visit our DoD contractors resource hub for more detailed guidance.

What Steps Should be Taken Post-SPRS Submission?

After submitting your SPRS score, it is crucial to routinely review and adjust your cybersecurity measures, ensuring continuous compliance and improvement. Employing regular training programs for your IT security team and conducting periodic security checks can preempt vulnerabilities.

Continued engagement with third-party assessment organizations (C3PAOs) can also be beneficial in maintaining a compliant security framework in alignment with evolving CMMC requirements, enhancing reliability in DoD contracts.

ABOUT THE AUTHOR

Ken Satkunam, CISM
President & Founder, NorthStar Technology Group

Ken has spent over 25 years in IT leadership serving regulated organizations. He founded NorthStar Technology Group in 2000 and holds the CISM credential from ISACA. NorthStar has been recognized on the Inc. 5000 list in 2024 (#3837) and 2025 (#2393). Ken is the co-author of the Amazon best-seller Cyber Attack Prevention.

CISM • Inc. 5000 • MSP 500 • Published Author • 25+ Years