Suppliers are Required to Submit Details on Progress
The Department of Defense released new details on an interim requirement for vendors that requires a near term NIST 800-171 self-assessment. The process requires participants to score compliance with each of the 110 controls defined in NIST 800-171. Completed assessment scores must be uploaded to Supplier Performance Risk System as evidence along with the referenced System Security Plan and a brief description of the plan architecture. This change marks the first time that suppliers are required to submit details on progress.
SPRS_Description_10-2020