Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST IR 8323 Rev. 1 (Initial Public Draft)

Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

Date Published: June 29, 2022
Comments Due: August 12, 2022 (public comment period is CLOSED)
Email Questions to: pnt-eo@list.nist.gov

Author(s)

Michael Bartock (NIST), Suzanne Lightman (NIST), Ya-Shian Li-Baboud (NIST), James McCarthy (NIST), Karen Reczek (NIST), Joseph Brule (MITRE), Doug Northrip (MITRE), Arthur Scholz (MITRE), Theresa Suloway (MITRE)

Announcement

The national and economic security of the United States (US) is dependent upon the reliable functioning of the nation’s critical infrastructure. Positioning, Navigation, and Timing (PNT) services are widely deployed throughout this infrastructure. In a government-wide effort to mitigate the potential impacts of a PNT disruption or manipulation, Executive Order (EO) 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation and Timing Services was issued on February 12, 2020.

NIST, as part of the Department of Commerce (DoC), produced this voluntary PNT Profile (as NIST IR 8323) in response to Sec.4 Implementation (a), as detailed in the EO. The PNT Profile was created by using the NIST Cybersecurity Framework and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services. The PNT Profile is intended to be broadly applicable and can serve as a foundation for the development of sector-specific guidance. This PNT Profile provides a flexible framework for users of PNT to manage risks when forming and using PNT signals and data, which are susceptible to disruptions and manipulations that can be natural, manufactured, intentional, or unintentional.

This Revision includes five (5) new cybersecurity framework (CSF) subcategories, and two (2) new appendices.

We encourage you to submit comments using the comment template provided.

NOTE: A call for patent claims is included on page vi of this draft. For additional information, see the Information Technology Laboratory (ITL) Patent Policy--Inclusion of Patents in ITL Publications.

Abstract

Keywords

critical infrastructure; Cybersecurity Framework; Executive Order; GPS; GNSS; navigation; PNT; positioning; risk management; timing
Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.IR.8323r1.ipd
Download URL

Supplemental Material:
Comments received
PNT homepage

Document History:
06/29/22: IR 8323 Rev. 1 (Draft)
01/31/23: IR 8323 Rev. 1 (Final)