The Gap Assessment evaluates your organisation's current implementation status against all CMMC practices for your target level. It produces a domain-by-domain breakdown and calculates your SPRS (Supplier Performance Risk System) score, which is required for DoD contract eligibility.
SPRS Score Calculation
Start at 110 points (perfect score = all 110 NIST SP 800-171 requirements fully implemented)
Each unimplemented requirement deducts a weighted value (1, 3, or 5 points)
The minimum possible score is -203
Requirements on a POA&M still count as deductions until fully implemented
Score Interpretation
110
Full implementation of all requirements
90-109
Strong posture; likely assessment-ready
70-89
Good progress; focused remediation needed
40-69
Moderate; significant work required
Below 40
Early stages; major remediation needed
Requirement Weights
Weight
Deduction
Examples
5 points
Critical
MFA, CUI encryption, audit logging
3 points
Significant
Config baselines, IR plans, risk assessments
1 point
Standard
Content reviews, maintenance tools, visitor records