SPRS Posting Step-by-Step Guide

Complete guide for posting CMMC self-assessments to SPRS

Get SPRS Help

About SPRS

The Supplier Performance Risk System (SPRS) is the DoD's system for collecting and managing contractor cybersecurity assessment data. All defense contractors must post their CMMC self-assessments to SPRS to be eligible for DoD contracts.

Key Points:

  • SPRS is required for all DoD contractors
  • Self-assessments must be posted within 30 days of completion
  • Assessments are valid for 3 years
  • SPRS data is used by DoD for contract decisions

Prerequisites

Before posting to SPRS, you must have completed the following:

Required Items:

  • Completed CMMC self-assessment
  • DUNS number or UEI
  • CAGE code
  • SPRS account access

Assessment Requirements:

  • All 17 practices implemented
  • Documentation of controls
  • Evidence of implementation
  • Assessment completion date

Step-by-Step SPRS Posting Process

Step 1: Access SPRS Portal

Navigate to the SPRS portal and log in with your credentials.

SPRS Portal Access:

  • Go to: https://www.sprs.csd.disa.mil/
  • Use your DoD-approved credentials (CAC, PIV, or username/password)
  • Ensure you have the necessary permissions to post assessments

Troubleshooting:

  • If you don't have access, contact your organization's SPRS administrator
  • Ensure your CAGE code is properly registered
  • Verify your DUNS number or UEI is correct

Step 2: Navigate to Assessment Posting

Once logged in, navigate to the assessment posting section.

Navigation Steps:

  • Click on "Assessment Posting" in the main menu
  • Select "New Assessment" or "Post Assessment"
  • Choose the appropriate assessment type (CMMC Level 1)

Assessment Types:

  • CMMC Level 1 Self-Assessment
  • CMMC Level 2 Self-Assessment
  • CMMC Level 3 Self-Assessment

Step 3: Enter Assessment Details

Fill in the required assessment information and details.

Required Information:

  • Organization name and details
  • CAGE code and DUNS number/UEI
  • Assessment completion date
  • Assessment level (CMMC Level 1)
  • Assessor information (if applicable)

Assessment Results:

  • Overall assessment score
  • Individual practice scores
  • Areas of non-compliance
  • Remediation plans

Step 4: Upload Supporting Documentation

Upload any required supporting documentation and evidence.

Required Documentation:

  • Assessment report or summary
  • Evidence of control implementations
  • Policy and procedure documents
  • Training records and certifications

File Requirements:

  • PDF format preferred
  • Maximum file size limits apply
  • Clear, readable documentation
  • Properly organized and labeled

Step 5: Review and Submit

Review all information before submitting the assessment to SPRS.

Review Checklist:

  • Verify all required fields are completed
  • Check assessment scores and results
  • Ensure documentation is properly uploaded
  • Confirm assessment completion date

Submission Process:

  • Click "Submit Assessment" button
  • Confirm submission in popup dialog
  • Save confirmation number
  • Print or save submission receipt

Step 6: Post-Submission Actions

After submitting, take the necessary follow-up actions.

Immediate Actions:

  • Save confirmation number and receipt
  • Notify relevant stakeholders of submission
  • Update internal records and documentation
  • Monitor SPRS for any updates or requests

Ongoing Monitoring:

  • Check SPRS regularly for status updates
  • Respond to any DoD requests or inquiries
  • Maintain compliance with posted assessment
  • Plan for next assessment cycle

Common Issues and Solutions

Issue: Cannot Access SPRS Portal

You're unable to log in or access the SPRS portal.

  • • Verify you have the correct credentials and permissions
  • • Contact your organization's SPRS administrator
  • • Ensure your CAGE code is properly registered
  • • Check if your account is active and not locked

Issue: Assessment Submission Fails

You're unable to submit your assessment to SPRS.

  • • Check all required fields are completed
  • • Verify file uploads are within size limits
  • • Ensure assessment date is within valid range
  • • Try submitting during off-peak hours

Issue: Missing Documentation

You don't have all the required documentation.

  • • Create a basic assessment summary document
  • • Document your current security controls
  • • Include policy and procedure references
  • • Contact AlphaVerify for documentation templates

SPRS Posting Best Practices

Before Posting:

  • • Complete a thorough self-assessment
  • • Gather all required documentation
  • • Verify your CAGE code and DUNS number
  • • Test your SPRS access beforehand

After Posting:

  • • Save confirmation numbers and receipts
  • • Monitor SPRS for status updates
  • • Maintain compliance with posted assessment
  • • Plan for next assessment cycle

Need Help with SPRS Posting?

Get expert guidance on posting your CMMC assessment to SPRS.

Schedule Free Consultation