NIST Finalizes PNT Cybersecurity Guidance
Thursday, February 11, 2021 | Comments

As part of an effort to help users apply its Cybersecurity Framework (CSF) as broadly and effectively as possible, the National Institute of Standards and Technology (NIST) released finalized cybersecurity guidance for positioning, navigation and timing (PNT) services.

Formally titled Foundational “PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation and Timing (PNT) Services (NISTIR 8323),” the document is part of NIST’s response to the February 12, 2020, Executive Order 13905, Strengthening National Resilience Through Responsible Use of Positioning, Navigation and Timing Services. To develop the profile, NIST sought public input regarding the general use of PNT data before releasing a draft version in October. The finalized version reflects public comments NIST received on the draft.

The “profile,” a term NIST uses to describe the application of the CSF to a specific implementation scenario, is intended to help mitigate the cybersecurity risks that confront PNT services. These services are important to national and economic security and include the GPS systems that are widely used by smartphone-based navigation apps, as well as split-second timing technologies that enable stock trading and efficient control of the power grid.

“Many efforts to secure PNT services were underway before we began developing this profile, but there wasn’t a formal reference for risk mitigation that everyone could use,” said NIST’s Jim McCarthy, one of the profile’s authors. “The executive order was targeted to address all users of PNT services, and we are confident the entire community can benefit.”

The main addition since the draft version was released is a quick guide intended to offer users an easier way to get started using the profile.

“The quick guide illustrates all the areas we cover in the profile and simplifies them,” McCarthy said. “Those less familiar with their own use of PNT services will benefit from the guide, as the process of implementing the profile may seem complicated for the novice user.”

IT personnel might appreciate the extensive set of references the authors have included. These range from guidance already published by both government and private sector entities to academic papers and other technical sources.

“The profile has perhaps the most comprehensive list of PNT cybersecurity references compiled into a single document so far,” McCarthy said. “They can serve as examples for anyone trying to tailor the profile’s approach to their own system.”

Would you like to comment on this story? Find our comments system below.



 
 
Post a comment
Name: *
Email: *
Title: *
Comment: *
 

Comments

No Comments Submitted Yet

Be the first by using the form above to submit a comment!


Education







Events
March 2021

4 - 4
Webinar: FirstNet — Apps Help Agencies Meet the Changing Demands as Incidents Unfold

https://register.gotowebinar.com/register/3279491754727767567

9 - 9
Webinar: Data Security for a Remote Work Environment in 2021 and Beyond

https://register.gotowebinar.com/register/6286499926156259341

June 2021

21 - 25
UTC Telecom and Technology Conference
Portland, Oregon
https://utctelecom.org

August 2021

15 - 18
APCO Conference and Expo
San Antonio, Texas
https://www.apco2021.org

More Events >

Site Navigation

Close