Calculator · NIST 800-171 / SPRS

CMMC SPRS Score Calculator

Work through the 110 NIST 800-171 Rev 2 controls and get a live SPRS score against the DoD Assessment Methodology. Mark each control met, not met, partial (where allowed), or N/A. The score, the POA&M-eligible split, and conditional-certification eligibility update as you go. Everything stays on this device — nothing is submitted to SPRS or to us.

SPRS score · assessed controls

110 / 110

Assessed

0/110

Met

Gaps

Conditional cert

Possible

110 controls unassessed. If those turn out not implemented, the score drops to -208.

Organization label (optional, local only)

Set all:

3.1.15 pt
Authorized Access Control
3.1.25 pt
Transaction & Function Control
3.1.31 pt
CUI Flow Control
3.1.41 pt
Separation of Duties
3.1.53 pt
Least Privilege
3.1.61 pt
Non-Privileged Account Use
3.1.71 pt
Privileged Function Execution
3.1.81 pt
Unsuccessful Logon Attempts
3.1.91 pt
Privacy & Security Notices
3.1.101 pt
Session Lock
3.1.111 pt
Session Termination
3.1.125 pt
Remote Access Control
3.1.135 pt
Remote Access Encryption
3.1.141 pt
Managed Remote Access Routing
3.1.151 pt
Remote Privileged Commands
3.1.165 pt
Wireless Access Authorization
3.1.175 pt
Wireless Access Protection
3.1.185 pt
Mobile Device Connection
3.1.193 pt
Mobile Device CUI Encryption
3.1.201 pt
External System Connections
3.1.211 pt
Portable Storage on External Systems
3.1.221 pt
Publicly Accessible Content

Scores and POA&M eligibility are practitioner estimates per the DoD Assessment Methodology and CMMC scoping rules. Final scoring is determined by your self-assessment and, for Level 2, a C3PAO. This calculator is a planning aid, not a substitute for an assessment, and submits nothing to SPRS. For help getting to a defensible score, see our CMMC practice.

Working a real program?

A sub-threshold score with must-fix gaps blocks certification. We close exactly those gaps — and build the SSP and POA&M that hold up to a C3PAO.

Book a scoping call → Our CMMC practice →