The Cybersecurity & Infrastructure Security Agency (CISA) recently released Time Guidance for Network Operators, Chief Information Officers, and Chief Information Security Officers.
As the introduction states, “[t]he goal of this document is to inform public and private sector organizations, educational institutions, and government agencies on time resilience and security practices in enterprise networks and systems.” In addition, the document was written “to provide practical guidance for the management of time in enterprise systems and testing your time resilience.”
The document presents a structure for a PNT test plan with seven specific recommendations: having full knowledge of the system, timing sources, and users; regularly updating the system; documenting and testing the system; diversifying timing sources; and detecting and addressing anomalies in timing sources.
CISA’s PNT recommendations can be integrated into an organization’s cybersecurity master plan, and they are consistent with Executive Order 13905 that directs the responsible use of PNT for critical infrastructure.