• About Us
  • IT Services
  • Compliance
  • Resources
  • Contact Us
  • Who We Serve
  • Speaker Request
  • (888) 277-8320

    • Appalachia Technologies Blog

    Appalachia Technologies team is comprised of a diverse mix of IT professionals, some of whom have been on the forefront of IT since the industry’s inception. Through the years, our team has developed a wide array of experience in understanding individual needs and how they relate to your business.
    Categories
    Tags
    Categories:   All Categories
    Suggested keywords
    x

    SPRS Pt 2 - How to Enter an SPRS Score

    In a previous blog post, we discussed how to calculate your SPRS (Supplier Performance Risk System) score in support of your CMMC (Cybersecurity Maturity Model Certification) efforts.  In that same blog, we also provided a free tool to help you calculate your SPRS score automatically.

    In this follow-on blog, we’ll talk about how to provide your SPRS score to the DoD, which is a whole other chore once you’ve actually determined what your score is.  In order to access the part of the SPRS website where your score is uploaded, we first need a CAC (Common Access Card) or a DoD approved medium assurance ECA (External Certification Authority) certificate.  The primary purpose of this certificate is to ensure that the individual person entering the score is who they actually claim to be (non-repudiation), in addition to ensuring the confidentiality of the data.

    The whole process is pretty convoluted and a bit wonky – about as much fun as filling out your income taxes manually, using an abacus that is missing a few beads.  I worked for the DoD for many years, so this isn’t a surprise – at least not to me.  We found a few possible errors in the various DoD instructions themselves, so have patience and take your time.  Might be a good idea to stick to decaf for this week.

    Anyway, a large number of DIB (Defense Industrial Base) contractors won’t have a CAC card available to them, so you will have to purchase an ECA certificate from either WidePoint or IdenTrust.  The link to the ECA Certificate Policy and these two vendors can be found here.

    DoD Exchange 1

    If you are not accustomed to the DoD’s style of I.T., you may be surprised to learn that the ECA certificate will be issued to a single person in your organization, who will then install the certificate on a single designated machine.  Not exactly convenient, but Que Sera Sera.  Also, the person to whom the ECA certificate is tied should be the same as your EB POC (Electronic Business Point of Contact) as listed in SAM.gov.  If this is not the case, then the EB POC must designate a CAM (Contract Administrator) by submitting this CAM Appointment Letter via e-mail to DISA (Defense Information Systems Agency).  The instructions to install the ECA certificate can be found on the PIEE (Procurement Integrated Enterprise Environment) website found here.

    PIEE 2

    Once you have your workstation set up, you can then register for access to SPRS using the PIEE website by following the instructions located here.

    PIEE Instructions 3

    At this point, you're probably ready to start chewing your own arms off, and we don’t blame you.  By now, the aforementioned abacus won’t be the only thing missing a few beads.  However, we can now head to the SPRS website and enter your score.  To do that, follow these instructions.

    NIST SP 800 171 Entry Guide 4

    Whew!  Well, that was fun.  This whole process is nothing if not more aggravation.

    Alternatively, you can also submit your SPRS score via an encrypted e-mail to .  Once you obtain your ECA certificate, send an e-mail to that address requesting a signed and encrypted e-mail in return.  Now that you have their public key, you can reply with your self-assessment and other results.

    It goes without saying that all of this is a royal pain; unfortunately, nothing which has "DoD" and "cybersecurity" in the same sentence is easy. Take heart though -- once your SPRS score has been entered, this will open up bidding opportunities that might not otherwise be available and provides your company with a competitive edge.

    Jason McNew  
    Senior Engineer, Cybersecurity Risk and Compliance, Appalachia Technology 

    jason mcnew headshot thumbnailJason McNew is a CISSP and a CMMC RP (Registered Practitioner).  Jason, a United States Air Force veteran, holds a Master’s degree from Penn State University in Information Sciences, Cyber Security and Information Assurance, in addition to a Bachelor of Science and two Associate of Science degrees. Penn State’s Cyber Security program has been reviewed and endorsed by the National Security Agency (NSA) and the Department of Homeland Security (DHS).  He also worked for the White House Communications Agency from 2003 until 2015.  In 2017 he founded Stronghold Cyber Security, which was acquired by Appalachia Technologies in 2020. 

     

    LinkedIn
    Tags:
    cybersecurity CMMC Security
    Adapting - How COVID Affected the Way We Work
    Phishing for a Deal? A Black Friday Warning

    News & Updates

    Terri Black-Bendl, Vice President of Sales & Marketing, Nominated for Women in Technology Award
    Terri Black-Bendl, Vice President of Sales & Marketing, Nominated for Women in Technology Award
    PRESS RELEASE Mechanicsburg, PA, July 11, 2024 - Appalachia Technologies is excited to announce that Terri Black-Bendl, Vice President, Sales & Marketing, has been nominated for the Women in Technology Awards, presented by Technology Council of Central PA.  Terri’s nomination category, Impact Award – Private Sector/Entrepreneur to Small Business, spotlights women who have made contributions in technology in the Entrepreneurial/Small Business (under 50 employees) category.
    Read More

    Contact Us

    Learn more about what Appalachia Technologies can do for your business.

    Appalachia Technologies
    5000 Ritter Road Suite 104
    Mechanicsburg, Pennsylvania 17055