The NIST NCCoE has released the draft NIST Internal Report (IR) 8323 Revision 2, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT). This profile helps organizations manage risks to systems, networks, and assets that use PNT services, such as Global Positioning Systems (GPS), public NIST and United States Naval Observatory (USNO) Network Time Protocol (NTP) servers, commercial services, and internal systems.
Originally developed based on NIST Cybersecurity Framework version 1.1, this profile has been updated to align with the NIST CSF 2.0 and includes updated references to standards, guidelines, and practices to provide practical guidelines to help an organization achieve the desired outcome for each Subcategory in the profile.
Organizations can apply the Profile to govern cybersecurity risk management, identify systems dependent on PNT, identify appropriate PNT sources, protect PNT user equipment from adversaries, detect anomalies and manipulation of PNT services, and respond to and recover from PNT service disruptions.
We encourage you to review the revised publication and submit comments until July 6, 2026, using the instructions provided on the project page. NIST is seeking targeted feedback to ensure the profile is practical and aligned to real-world use.
Specific questions are included in the draft document. In particular, we are interested in:
-
- Whether additional references to support PNT systems and data, or additional Categories or Subcategories from NIST CSF 2.0 should be added
- How emerging technologies (including AI) impact the use of PNT systems and data
- Whether the profile appropriately addresses third-party and data dependency risks
