Internet of Things (IoT)

Draft NIST IR 8323 Revision 1 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

  • 1.  Draft NIST IR 8323 Revision 1 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services

    Posted Jun 29, 2022 10:13:00 AM
      |   view attached
    Hi All,

    NIST just published for comment NIST IR 8323 Revision 1 Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) Services.

    The PNT cybersecurity profile is part of NIST's response to the February 12, 2020, Executive Order (EO) 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation, and Timing Services. The EO notes that "the widespread adoption of PNT services means disruption or manipulation of these services could adversely affect U.S. national and economic security. To strengthen national resilience, the Federal Government must foster the responsible use of PNT services by critical infrastructure owners and operators." The Order also calls for updates to the profile every two years or on an as-needed basis.

    Based on NIST's interaction with public and private sector stakeholders and their efforts to create "sector-specific" profiles, it was decided to create Revision 1. No substantive changes were made to the original Foundational Profile; NIST is only seeking comments on the changes made in this Revision. Among the most noteworthy are: the addition of five new Cybersecurity Framework (CSF) Subcategories, and the addition of two appendices; Appendix D; Applying the PNT Profile to Cybersecurity Risk Management, and Appendix E; Organization Specific PNT Profiles.

    All changes are captured in Table 26: "Change Log" for easy reference to reviewers.

    The PNT Profile was created by applying the NIST CSF to help organizations:
    • Identify systems dependent on PNT
    • Identify appropriate PNT sources
    • Detect disturbances and manipulation of PNT services
    • Manage the risk to these systems

    Organizations may continue to use this profile as a starting point to apply their own unique mission, business environment, and technologies to create or refine a security program that will include the responsible use of PNT services.

    The public comment period for this publication is now open through August 12, 2022.

    Email comments directly to: [email protected].




    ------------------------------
    Michael Roza CPA, CISA, CIA, MBA, Exec MBA
    ------------------------------