Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services.

The PNT cybersecurity profile is part of NIST’s response to the
February 12, 2020, Executive Order (EO) 13905, Strengthening National Resilience Through
Responsible Use of Positioning, Navigation, and Timing Services
. The
EO notes that “the widespread adoption of PNT services means disruption or
manipulation of these services could adversely affect U.S. national and
economic security. To strengthen national resilience, the Federal Government
must foster the responsible use of PNT services by critical infrastructure
owners and operators.” The Order also calls for updates to the profile every
two years or on an as needed basis.

Based on NIST’s interaction with public and private sector
stakeholders and their efforts to create “sector specific” profiles, it was
decided to create Revision 1. No substantive changes were made to the original
Foundational Profile; NIST is only seeking comments on the changes made in this
Revision. Among the most noteworthy are: the addition of five new Cybersecurity
Framework (CSF) Subcategories, and the addition of two appendices; Appendix D;
Applying the PNT Profile to Cybersecurity Risk Management, and Appendix E;
Organization Specific PNT Profiles.

All changes are captured in Table 26: “Change Log” for easy
reference to reviewers.

The PNT Profile was created by applying the NIST CSF to help
organizations:

  • Identify systems dependent on
    PNT
  • Identify appropriate PNT
    sources
  • Detect disturbances and
    manipulation of PNT services
  • Manage the risk to these
    systems

Organizations may continue to use this profile as a starting point
to apply their own unique mission, business environment, and technologies to
create or refine a security program that will include the responsible use of
PNT services.

One Week Left to
Comment!

  • The public comment for this
    publication is open through August 12, 2022. See the publication
    details
    for a copy of the draft and instructions for submitting
    comments.
  • Email comments directly to: pnt-eo@list.nist.gov.

Submit
Comments