The Supplier Performance Risk System (SPRS) score reflects how complete the CMMC implementation is for an organization seeking certification (OSC).
This website feature is still under development.
An organization seeking compliance (OSC) must meet all the listed practices or provide documentation for why they are not applicable.
| ID | Name | Score | Met | Not | N/A |
|---|---|---|---|---|---|
| AC.L1-3.1.1 | Authorized Access Control | 5 | |||
| AC.L1-3.1.2 | Transaction & Function Control | 5 | |||
| AC.L1-3.1.20 | External Connections | 1 | |||
| AC.L1-3.1.22 | Control Public Information | 1 | |||
| IA.L1-3.5.1 | Identification | 5 | |||
| IA.L1-3.5.2 | Authentication | 5 | |||
| MP.L1-3.8.3 | Media Disposal | 5 | |||
| PE.L1-3.10.1 | Limit Physical Access | 5 | |||
| PE.L1-3.10.3 | Escort Visitors | 1 | |||
| PE.L1-3.10.4 | Physical Access Logs | 1 | |||
| PE.L1-3.10.5 | Manage Physical Access | 1 | |||
| SC.L1-3.13.1 | Boundary Protection | 5 | |||
| SC.L1-3.13.5 | Public-Access System Separation | 5 | |||
| SI.L1-3.14.1 | Flaw Remediation | 5 | |||
| SI.L1-3.14.2 | Malicious Code Protection | 5 | |||
| SI.L1-3.14.4 | Update Malicious Code Protection | 5 | |||
| SI.L1-3.14.5 | System & File Scanning | 3 |