The initial public draft of NIST IR 8323r1, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services, is available for comment.
The national and economic security of the United States (US) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government-wide effort to mitigate the potential impacts of a PNT disruption or manipulation, Executive Order (EO) 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation and Timing Services was issued on February 12, 2020.
NIST, as part of the Department of Commerce (DoC), produced this voluntary PNT Profile (as NIST IR 8323) in response to Sec.4 Implementation (a), as detailed in the EO. The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services. The PNT Profile is intended to be broadly applicable and can serve as a foundation for the development of sector-specific guidance. This PNT Profile provides a flexible framework for users of PNT to manage risks when forming and using PNT signals and data, which are susceptible to disruptions and manipulations that can be natural, manufactured, intentional, or unintentional.
This Revision includes five (5) new cybersecurity framework (CSF) subcategories, and two (2) new appendices.
The public comment period is open through August 12, 2022. See the publication details to download the draft and for instructions on submitting comments. We encourage you to submit comments using the comment template that is provided.
NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.
Security and Privacy: general security & privacy, risk management
Applications: cybersecurity framework, positioning navigation & timing
Laws and Regulations: Executive Order 13905