The National Institute of Standards and Technology (NIST) created a Positioning, Navigation and Timing (PNT) Profile using its Cybersecurity Framework that can be used as part of a risk management framework to assist organizations in managing risk to systems, networks, and assets that use PNT services.
“The PNT Profile is intended to be broadly applicable and can serve as a foundation for the development of sector-specific guidance,” NIST wrote in the guidance. “This PNT Profile provides a flexible framework for users of PNT to manage risks when forming and using PNT signals and data, which are susceptible to disruptions and manipulations that can be natural, manufactured, intentional, or unintentional.”
The PNT Profile was created due in part to an executive order issued in February 2020 and was developed to address four components of responsible PNT use, including:
- Identifying systems that use or form PNT data;
- Identifying PNT data sources;
- Detecting disruption and manipulation of systems that form or use PNT services and data; and
- Managing risk regarding the responsible use of these systems.
This profile is not meant to be an issued regulation, mandatory practice, compliance, or carry statutory authority, but rather a voluntary guidance to manage risks when forming and using PNT signals and data.
“Each organization is encouraged to make their risk management decisions in the context of their own cyber ecosystem, architecture, and components,” wrote NIST. “The PNT Profile’s strategic focus is to supplement preexisting resilience measures and elevate the postures of less mature initiatives.”