PIEE submission, step by step.

Before you start.

You'll need three things in place:

• A PIEE account with the Cyber Vendor User role (granted by your CAGE-tied Contractor Account Administrator).
• Your CAGE code. If you don't know it, search SAM.gov for your DUNS or business name.
• A completed FORCE assessment. The submission package generates from your finalized findings — make sure your SSP and POA&M are signed before you start.

Allow about ten minutes once you start. Most of that is waiting for PIEE pages to load.

Step 1 — Open the FORCE submission helper.

From your assessment page, click Generate SPRS package. FORCE produces a calculated NIST 800-171 score (per DoD Assessment Methodology v1.2.1) and pre-formats every field PIEE will ask for.

Each row has a one-click copy button. Keep this tab open in a separate window.

Step 2 — Sign in to PIEE.

Visit piee.eb.mil and sign in with your Cyber Vendor User credentials. From the dashboard, navigate to SPRS → Cyber Reports → Add New NIST SP 800-171 Assessment.

Step 3 — Fill in the form.

PIEE asks for eleven fields. They're straightforward; FORCE has computed each one. Click copy on the FORCE row, paste into the matching PIEE field. Verify each value before moving on:

• CAGE code — your contractor identifier.
• Assessment date — when you completed the assessment in FORCE. ISO 8601 format.
• Assessment type — Basic, Medium, or High. For self-attestation, choose Basic.
• DoD score — calculated by FORCE. Range -203 to 110.
• Plan of Action completion date — latest target close date across your open POA&M items.
• Scope of Assessment — text description. FORCE uses your assessment's system-boundary description.
• Included CAGEs — typically just yours. Multi-CAGE submissions are uncommon for self-attestations.
• SSP version — the version of your SSP this assessment is based on. FORCE generates a version stamp on every published SSP.
• The remaining three fields are administrative (point of contact, etc.) — fill from your contractor profile.

Step 4 — Senior official affirmation.

PIEE requires a senior official affirmation attesting that the score is accurate and the underlying system meets the asserted controls. FORCE produces a cryptographically signed affirmation pack alongside the score so your senior official has the full story before they sign.

The affirmation is signed under penalty of False Claims Act exposure. Treat it as the legally significant act it is. Your senior official should review the FORCE-prepared package and the SSP before clicking submit.

Step 5 — Submit.

Click Submit in PIEE. Within a few seconds, SPRS displays your assessment in your contractor record. The submission is now visible to any DoD contracting officer who pulls your CAGE.

Back in FORCE, mark the submission as completed in your audit trail. FORCE retains the exact package version you submitted for 7 years per License Agreement Section 7. If a future audit asks “what did you submit on what date with what evidence,” you have a cryptographically signed answer.

Why FORCE doesn't click submit for you.

DoD does not permit third-party automated submission to SPRS. Submission is exclusively through PIEE web entry by an authorized Cyber Vendor User. FORCE doesn't pretend otherwise. When DoD opens a programmatic SPRS API — likely 2027-2028, almost certainly via OSCAL — FORCE customers will be first to integrate. Until then: FORCE prepares everything, you paste, you sign.

See the full SPRS Submission Package capability →