U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Draft PNT Profile Updated to Align with NIST CSF 2.0

Share

The NIST NCCoE has published the draft NIST Internal Report (IR) 8323 Revision 2, Foundational PNT Profile: Applying the Cybersecurity Framework for the Responsible Use of Positioning, Navigation, and Timing (PNT) to help organizations manage risks to systems, networks, and assets that use PNT services, such as Global Positioning Systems (GPS), public NIST and United States Naval Observatory (USNO) Network Time Protocol (NTP) servers, commercial services, and internal systems.

Originally developed based on NIST Cybersecurity Framework version 1.1, this profile has been updated to align with the NIST CSF 2.0 and includes updated references to standards, guidelines, and practices to provide practical guidelines to help an organization achieve the desired outcome for each Subcategory in the profile. 

Organizations can apply the profile to identify systems dependent on PNT, identify appropriate PNT sources, protect PNT user equipment from adversaries, detect anomalies and manipulation of PNT services, and to respond and recover from PNT service disruptions.

Comment Now!

We encourage you to review the revised publication and submit comments by July 6, 2026 using the instructions provided on the project page. 

Specific feedback is requested on the following points:

General Questions 

  • Are there additional new or updated references to support responsible use of PNT systems and data?
  • Are there any additional Categories or Subcategories from NIST Cybersecurity Framework 2.0 that should be added to the Profile? Note: the Profile is only intended to address the responsible use of PNT information and not the overall cybersecurity of PNT systems. 

Specific Questions 

  • Regarding the new Govern Functions and its relevant categories – is there any additional Applicability text needed or any additional References to include?
  • Are there any emerging technologies, such as AI, that impact the use of PNT systems and data?
  • For GV.SC-06 “Planning and due diligence are performed to reduce risks before entering into formal supplier or other third-party relationship”
    • Considering that users of PNT information do not always have a relationship with the sources of PNT data, is this Subcategory appropriate to include?
    • If the Subcategory is included, is there any additional applicability language or references that should be included?
  • For PR.DS-10 “The confidentiality, integrity, and availability of data-in-use are protected.
    • Are the current Applicability text and References appropriate?
    • Are there any additional Applicability text or References that should be added?

Next Steps

The project team will use the feedback provided to finalize Revision 2 of the profile later this year.  

View this on the NCCoE website

Information technology and Cybersecurity and privacy
Released May 6, 2026
Was this page helpful?