How to use CMMC Academy's Free NIST 800-171 Assessment Tool
Overview
Business Overview:
All defense contractors and subcontractors to submit the score of a Basic NIST 800-171 DoD Assessment (Self-Assessment), using the NIST 800-171 DoD Assessment Methodology, in the Supplier Performance Risk System (SPRS) prior to any contract award. CMMC Academy’s NIST 800-171 Assessment Tool is based on the NIST 800-171 DoD Assessment Methodology Version 1.2.1 and was specifically developed to help DoD suppliers meet this requirement.
Technical Overview:
Before using this tool make sure that you have a current System Security Plan (SSP) that describes system boundaries, system environments of operation, how security requirements are implemented, and the relationships with or connections to other systems.
Things to Know
It is important to note when using the CMMC Academy’s NIST 800-171 tool, an SSP is required or a ZERO score will be reflected. This is consistent with DFARS clause 252-204-7012 where an SSP is required for compliance.
Need help using the tool? Contact us!Using CMMC Academy’s 800-171 Self-Assessment Tool:
- To use CMMC Academy’s 800-171 Self-Assessment Tool you simply indicate whether each of the 110 security requirements is either Implemented or Not Implemented in your organization.
- If all security requirements are implemented, you will receive a score of 110, consistent with the total number of NIST 800-171 security requirements. For each security requirement not implemented, a value of 1, 3 or 5 is subtracted from 110 based on the weighted importance of each specific security requirement.
- Since the score of 110 is reduced by each requirement not implemented, the final score reflects the net effect of security requirements not yet implemented. You are expected to achieve a score of 110 by the time of contract award.