Beyond the previously required self-certification of compliance, NIST 800-171 now requires increasing numbers of contractors and subcontractors to verify, document, and upload compliance proof to the Supplier Performance Risk System (SPRS) in order to be eligible for federal contracts. Randomly selected organizations will be subject to remote and/or in-person audits to verify their cyber security and risk management system compliance.