Updated: Aug 14
Bluestreak Consulting™
Ever since NIST SP 800-171 Revision 2 was published in early 2020, many organizations that want to keep doing DoD-related work have been steadily updating their security controls to meet the DFARS 252.204-7012 requirements. But you would be surprised how many have not even started, or keep postponing implementation because of cost constraints or a lack of resources.
Cybersecurity is an Investment, not an Expense
Here are several things you must do before you submit your Basic (self-assessment) score to the Supplier Performance Risk System (SPRS):
You must have a System Security Plan (SSP)
You need to have a Plan of Action and Milestones (POA&M) for every requirement you have not yet fully implemented
Work with a NIST or CMMC consultant to meet compliance standards.
Your self-assessment score must be accurate. Do not inflate your score; this is vital. (Even a negative score is better than no score: a posted score is what keeps you eligible for award, while an inflated one is a misrepresentation to the government that carries far more risk than a low number.)
What is a realistic first NIST SP 800-171 score? Possible scores range from -203 to 110: each of the 110 requirements is worth 1, 3, or 5 points, and the point value of every requirement that is not fully implemented is deducted from 110, so a company with nothing in place ends up deeply negative. Typical first-assessment results look like this:
75 to 90: Well structured; time and money already spent on DFARS 252.204-7012 compliance
30 to 65: Some technology implemented, but weak policy enforcement
0 to 25: One overworked IT employee, little IT deployment
Around -40: Ignoring compliance requirements or known issues
Around -150: No vulnerability patching, no monitoring, no Active Directory structure
Bluestreak Consulting™ offers affordable, efficient solutions that use our proven methods to help your business reach compliance. Partner with Bluestreak Consulting™ to get your questions about cybersecurity, NIST SP 800-171, and CMMC answered. Let us help you secure your data and secure your future.