Hello. Welcome to the NIST 800-171 learning path. My name is Dave [inaudible]. I'm your instructor for this class, and this is the second video of Course 6, NIST 800-171 and CMMC levels 133. In this video, we're going to take a look at what is SPRS. SPRS is the supplier performance risk system. It's a web-based application that the government uses to gather, process, and report data on supplier performance. It's the Department of Defense single authorized application to retrieve supplier performance information, and it was updated in 2020 for NIST 800-171 Assessments. Again, ties directly into CMMC. This is where you're going to upload your NIST 800-171 assessment scores. You can see here a screenshot of the website SPRS guiding the DoD in responsible acquisition decisions. You can see there's a variety of different menu options here and then you can also see there, they tell you what the site's for, on-time delivery scores and quality classifications per DFARS 213.106-2, price, item, and supplier procurement risk data and assessments, company exclusion status, debarment, suspensions, etc, and the thing we care about, NIST special publication 800-171 assessment results, and then also National Security System Restricted list and supply chain illumination. Again, SPRS contains NIST 800- 171 assessment date, score, scope, and plan of action completion date for every vendor location identified by their Commercial and Government Entity Code, or CAGE code. Access to SPRS is granted to authorized acquisition government personnel through a single sign-on capability in the Procurement Integrated Enterprise Environment or PIEE. Vendors who have access can view their own data and those with the SPRS cyber vendor user role can manage their basic assessment. Again, this is how you're going to upload your NIST 800-171 basic assessment score and you must be registered in the Procurement Integrated Enterprise Environment, PIEE and be approved for access to SPRS. When you are working through this, especially if you're in a hurry to get your score uploaded, you're going to want to go through the steps and they have extensive documentation out on their website about what you need to do in order to get yourself signed up and get these roles created. Why do you care about SPRS? Well, again, this is where you're going to enter your basic assessment score for NIST 800-171 and CMMC. You can see here DFARS 204.73, Safeguarding Covered Defense Information and Cyber Incident Reporting directs contracting officers to verify that offers have NIST 800-171 assessments on record in SPRS. DFARS 252.204.7019 Notice of NIST Special Publication 800-171 DoD Assessment Requirements, requires offers to ensure that results of their current assessment are posted in SPRS and DFRS clause 252.204-7020, NIST Special Publication 800-171 DoD Assessment Requirements, requires contractors to ensure applicable subcontractors have the results of a current assessment posted in SPRS prior to an award. Again, even if you're not a prime, if you're a sub, if you're a prime has a contract that calls for protection of CUI, you need to have your current assessment score posted in SPRS prior to an award. As I mentioned before, there's lots of help on the website. You can see here these are links to a variety of different guides and so forth. They help you get started. It can be a little bit cumbersome to get your account set up and to get everything configured correctly in SPRS. I would encourage you to go to the website and check out the user guides, in particular, the SPRS access quick reference guides and if you don't already have an account, get that process started. That's all I got for this video. I will see you in the next video where we'll take a look at creating your score for a basic assessment. Thank you.
