A practical, stage-by-stage roadmap for achieving NIST SP 800-171 compliance — covering all 110 requirements across 14 control families, SPRS scoring, and CMMC Level 2 readiness for Texas defense contractors.
Your SPRS (Supplier Performance Risk System) score is a number between -203 and 110 that represents your NIST 800-171 compliance posture. It starts at 110 points and deducts points for each requirement not fully implemented.
Different requirements have different point values — requirements with higher security impact deduct more points when not met. A score of 110 means all requirements are fully implemented. Most organizations start with a negative score.
Your SPRS score is visible to DoD contracting officers and can affect contract award decisions. Submitting an inaccurate score is a False Claims Act violation.
All 110 requirements fully implemented. Rare for organizations starting from scratch.
Most requirements met. Minor gaps with credible POA&M. Acceptable for most contracts.
Significant gaps exist. Active remediation required. May affect contract award.
Many requirements not met. Immediate remediation required. High contract risk.
Every NIST 800-171 engagement follows these six stages. Click each stage to see exactly what happens, what it costs, and how much of your team's time it requires.
A comprehensive evaluation of your current security posture against all 110 NIST SP 800-171 requirements across 14 control families. The assessment uses the NIST 800-171A assessment methodology to produce a scored baseline — the same methodology used by C3PAO assessors for CMMC Level 2.
The CUI scoping exercise is often the most eye-opening part of the GAP assessment — organizations frequently discover CUI in places they didn't expect (email archives, cloud storage, backup systems). For a small business, expect 12–20 hours of your team's time across the 3–4 week assessment.
Every NIST SP 800-171 control family with key requirements, implementation effort, and the most common gap Segler.Net finds. Expand each family to see details.
Straight answers to what Texas defense contractors ask most about implementing NIST SP 800-171.
NIST 800-171 is the direct foundation for CMMC Level 2 certification.
Start here if you handle FCI. 17 practices, self-attestation.
CIS IG1+IG2 maps to a large portion of NIST 800-171 requirements.
Overview of all 14 control families and compliance services.
Get a comprehensive GAP assessment against all 110 requirements. We'll calculate your current SPRS score and give you a clear, stage-by-stage remediation roadmap.