Date Published: May 6, 2026
Comments Due:
Email Comments to:
Author(s)
Suzanne Lightman (NIST), Ya-Shian Li-Baboud (NIST), Nakia Grayson (NIST), James McCarthy (NIST), Joseph Brule (MITRE), Karri Meldorf (MITRE), Doug Northrip (MITRE), Arthur Scholz (MITRE), Theresa Suloway (MITRE)
Announcement
This profile helps organizations manage risks to systems, networks, and assets that use PNT services, such as Global Positioning Systems (GPS), public NIST and United States Naval Observatory (USNO) Network Time Protocol (NTP) servers, commercial services, and internal systems.
Originally developed based on NIST Cybersecurity Framework version 1.1, this profile has been updated to align with the NIST CSF 2.0 and includes updated references to standards, guidelines, and practices to provide practical guidelines to help an organization achieve the desired outcome for each Subcategory in the profile.
Organizations can apply the Profile to govern cybersecurity risk management, identify systems dependent on PNT, identify appropriate PNT sources, protect PNT user equipment from adversaries, detect anomalies and manipulation of PNT services, and respond to and recover from PNT service disruptions.
We encourage you to review the revised publication draft and submit comments until July 6, 2026, using the instructions provided on the project page. NIST is seeking targeted feedback to ensure the profile is practical and aligned to real-world use.
Specific questions are included in the draft document. In particular, we are interested in:
- Whether additional references to support PNT systems and data, or additional Categories or Subcategories from NIST CSF 2.0 should be added
- How emerging technologies (including AI) impact the use of PNT systems and data
- Whether the profile appropriately addresses third-party and data dependency risks
The national and economic security of the United States (U.S.) is dependent upon the reliable operation and responsible use of Positioning, Navigation, and Timing (PNT) services. This document provides the Cybersecurity Framework (CSF) Version 2.0 Community Profile developed for supporting positioning, navigation, and timing (PNT) services and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services. The PNT Profile is intended to be broadly applicable and can serve as a foundation for the development of sector-specific guidance. This PNT Profile provides a flexible framework for users of PNT to manage risks when forming and using PNT signals and data, which are susceptible to disruptions and manipulations that can be natural, manufactured, intentional, or unintentional.
The national and economic security of the United States (U.S.) is dependent upon the reliable operation and responsible use of Positioning, Navigation, and Timing (PNT) services. This document provides the Cybersecurity Framework (CSF) Version 2.0 Community Profile developed for supporting...
See full abstract
The national and economic security of the United States (U.S.) is dependent upon the reliable operation and responsible use of Positioning, Navigation, and Timing (PNT) services. This document provides the Cybersecurity Framework (CSF) Version 2.0 Community Profile developed for supporting positioning, navigation, and timing (PNT) services and can be used as part of a risk management program to help organizations manage risks to systems, networks, and assets that use PNT services. The PNT Profile is intended to be broadly applicable and can serve as a foundation for the development of sector-specific guidance. This PNT Profile provides a flexible framework for users of PNT to manage risks when forming and using PNT signals and data, which are susceptible to disruptions and manipulations that can be natural, manufactured, intentional, or unintentional.
Hide full abstract
Keywords
critical infrastructure; Cybersecurity Framework; Executive Order; GPS; GNSS; navigation; PNT; positioning; risk management; timing
Control Families
None selected
