NIST has released Draft NISTIR 8323, Cybersecurity Profile for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, for public review and comment.

NIST is seeking comments on the draft PNT cybersecurity profile. Comments must be received no later than November 23, 2020. See the publication details for a copy of the draft and instructions for submitting comments. All relevant comments will be posted publicly.

About the Profile

The cybersecurity PNT profile is part of NIST’s response to the Feb. 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. The order notes that “the widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.”

NIST has developed this cybersecurity PNT profile to help organizations identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated risks to the systems, networks, and assets dependent on PNT services. This profile will help organizations make deliberate, risk-informed decisions on their use of PNT services. 

Note to Reviewers

This request for review presents several topics for which NIST is requesting federal agency and industry review and comment for potential changes or additions to the current text. Reviewers may respond to any of these topic areas as they choose. There is no requirement to include any of the topic areas in submitted comments.

NIST is particularly interested in comments and recommendations on the following topics:

• Gaps in existing standards, guidelines and practices associated with the responsible use of PNT services.
• Additional guidance on the application of the Cybersecurity Framework that can be provided as examples in the Appendix.
• The degree to which the Cybersecurity Framework functions, categories, and subcategories adequately address the broad scope of cybersecurity concerns regarding the responsible use of PNT services.
• Additional informative references such as standards and guidance documents that can be implemented into the core.
• Whether the controls and informative references are adequate and appropriate.

If you have any questions, please contact NIST at pnt-eo@list.nist.gov.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.