NISTIR 8323 (Draft)

Cybersecurity Profile for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

Date Published: October 2020
Comments Due: November 23, 2020 (public comment period is CLOSED)
Email Questions to: pnt-eo@list.nist.gov

Announcement

About the Profile

The PNT cybersecurity profile is part of NIST’s response to the Feb. 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. The order notes that “the widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators.”

NIST has developed this PNT cybersecurity profile to help organizations identify systems, networks, and assets dependent on PNT services; identify appropriate PNT services; detect the disruption and manipulation of PNT services; and manage the associated risks to the systems, networks, and assets dependent on PNT services. This profile will help organizations make deliberate, risk-informed decisions on their use of PNT services. 

NIST is seeking comments on the draft PNT cybersecurity profile. Comments must be received no later than November 23, 2020. All relevant comments will be posted publicly.

We encourage you to organize and submit your comments using our comment template.

Note to Reviewers

This request for review presents several topics for which NIST is requesting federal agency and industry review and comment for potential changes or additions to the current text. Reviewers may respond to any of these topic areas as they choose. There is no requirement to include any of the topic areas in submitted comments.

NIST is particularly interested in comments and recommendations on the following topics:

  • Gaps in existing standards, guidelines and practices associated with the responsible use of PNT services.
  • Additional guidance on the application of the Cybersecurity Framework that can be provided as examples in the Appendix.
  • The degree to which the Cybersecurity Framework functions, categories, and subcategories adequately address the broad scope of cybersecurity concerns regarding the responsible use of PNT services.
  • Additional informative references such as standards and guidance documents that can be implemented into the core.
  • Whether the controls and informative references are adequate and appropriate.

NOTE: A call for patent claims is included on page iii of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

critical infrastructure; Cybersecurity Framework; Executive Order; GPS; navigation; PNT; positioning; risk management; timing
Control Families

None selected

Documentation

Publication:
NISTIR 8323 (Draft) (DOI)
Local Download

Supplemental Material:
Template for submitting comments (xls)
Comments received (web)

Document History:
08/31/20: White Paper (Draft)
10/22/20: NISTIR 8323 (Draft)
02/11/21: NISTIR 8323 (Final)