Understanding The Importance Of The DoD’s SPRS Cybersecurity Requirements

By admin. June 12, 2024. 5 Mins Read.

Chris Petersen, CEO, CTO, Co-Founder at RADICL Defense.

Are you compliant with the cybersecurity requirements of your government contracts? If not, or if you don’t know, it’s time to commit to increasing your cybersecurity efforts to keep your company and the nation safe.

The Importance Of Security And Compliance For The DIB

The Defense Industrial Base (DIB) and U.S. Critical Infrastructure (CI) don’t just rely on large enterprises for manufacturing and technology. They’re increasingly relying upon small and medium-sized businesses (SMBs) for inventions, ideas and technologies to support advancing defense systems that keep our nation safe, both domestically and abroad.

Still, despite working with sensitive confidential data, these smaller companies often don’t have the robust security approach that enterprises do to keep their data and IP safe. This could be for many reasons, from lack of awareness to lack of budget and resources. Unfortunately, their limited access to robust cybersecurity capabilities makes them perfect targets for nation-state actors and cybercriminals who want to steal confidential data and national secrets, release ransomware, or halt defense supply chains.

As a cybersecurity industry veteran and innovator, I believe more can be done to protect these SMBs so they can continue to develop their products and ideas, build their businesses, and serve their country. The DoD is taking active steps to ensure a minimum baseline of cybersecurity protection by implementing specific initiatives to increase cybersecurity compliance for its contractors. For instance, certain contractors are currently required to post their NIST SP 800-171 self-assessment score to the Supplier Performance Risk System (SPRS). DIB companies will also be required to participate in the Cybersecurity Maturity Model Certification (CMMC) process once the rule goes into effect—estimated by many to be early next year.

Understanding SPRS

The Department of Defense (DoD) doesn’t want to do business with a company that may put them at risk. Specific to cybersecurity risk, the DoD has introduced various Defense Federal Acquisition Regulation Supplement (DFARS) clauses along with specific Supplier Performance Risk System (SPRS) reporting requirements.

DFARS clause 252.204-7012, “Safeguarding Covered Defense Information and Cyber Incident Reporting,” states that “The Contractor shall provide adequate security on all covered contractor information systems” and goes on to detail those requirements, one of them being compliance with NIST SP 800-171. The clause also details actions for cyber incident reporting, the discovery of malicious software, cyber incident damage assessment and more.

Another DFARS clause, 252.204-7019, “Notice of NIST SP 800-171 DoD Assessment Requirements,” requires contractors that must comply with NIST SP 800-171 (per DFARS 252.204-7012) to post an assessment score to SPRS. The clause specifically states, “In order to be considered for award, if the Offeror is required to implement NIST SP 800–171, the Offeror shall have a current assessment (i.e., not more than 3 years old unless a lesser time is specified in the solicitation) (see 252.204–7020) for each covered contractor information system that is relevant to the offer, contract, task order, or delivery order.”

SPRS is a database the DoD maintains of companies and their supply chain risk. Contracting officers leverage the SPRS database to assess vendor risk across three factors: item risk, price risk and supplier risk. The last factor, supplier risk, is where NIST SP 800-171 comes in. If a contract requires a company to have submitted a self-assessment score per DFARS clause 252.204-7019, and the company has failed to do so, the contract will not be awarded.

Understanding The NIST SP 800-171 Self-Assessment Score

A company’s NIST SP 800-171 self-assessment score is determined by evaluating compliance with all 110 security requirements in accordance with the NIST SP 800-171 DoD Assessment Methodology. Scores range from 110 to -203. All met requirements earn one point toward the score. Unmet requirements subtract from the score. Certain requirements subtract multiple points, which is how a score can fall as low as -203.

Why You Should Implement Rigorous NIST SP 800-171 Self-Assessment Operations

Care should be taken to ensure a submitted NIST SP 800-171 self-assessment score is accurate. While assessments generally have some level of subjective evaluation, there needs to be a reasonable level of rigor backing the submitted score. The score should be backed by a self-assessment operation that captures why each requirement was assessed as met or unmet, with all supporting evidence and related information captured.

Rigorous self-assessment operations will ensure company leadership understands their true NIST SP 800-171 compliance posture, which ultimately serves as an indicator of a company’s cyber incident risk—something all CEOs should be concerned about, especially those serving the defense industry.

Rigorous self-assessment operations will also help protect against Federal False Claims Act (FCA) accusations and the resulting legal repercussions. FCA claims are starting to be seen. A notable example is Verizon Business Network Services, which agreed to pay $4 million as a result of failing to “completely satisfy certain cybersecurity controls in connection with an information technology service provided to federal agencies.”

Protect Yourself, Protect America

The DFARS clauses mentioned in the article, combined with the upcoming CMMC rule, are in place to defend American innovation and critical operations from nation-state threats. These threats are real and growing. Companies required to comply with DFARS clauses 7012, 7019, and 7020 should be striving to achieve and maintain a score of 110 via a rigorous self-assessment operation.

While investments in cybersecurity and the ability to submit a higher score into the SPRS won’t assuredly result in a competitive advantage, it certainly won’t hurt. And at the same time, you’ll be reducing your company’s risk of experiencing financial loss or brand damage from a cyber incident. You’ll also better ensure you are prepared to achieve CMMC L2 compliance once the rule goes into full effect (estimated Q1 2025), which could either hinder or accelerate future contract opportunities.

Be ahead of the curve. Protect your brand. Protect your operations. Protect America’s national security.

Forbes Technology Council is an invitation-only community for world-class CIOs, CTOs and technology executives.

© 2025 Startup Dreamers. All Rights Reserved.