U.S. flag   An unofficial archive of your favorite United States government website
Dot gov

Official websites do not use .rip
We are an unofficial archive, replace .rip by .gov in the URL to access the official website. Access our document index here.

Https

We are building a provable archive!
A lock (Dot gov) or https:// don't prove our archive is authentic, only that you securely accessed it. Note that we are working to fix that :)

Securing Property Management Systems: Cybersecurity Practice Guide SP 1800-27
March 30, 2021

In recent years criminals and other attackers have compromised the networks of several major hospitality companies, exposing the information of hundreds of millions of guests. A hotel property management system (PMS) is a prime target for attackers – it serves as the information technology  operations and data management hub of a hotel and could give a criminal access to a trove of valuable data.

The NIST National Cybersecurity Center of Excellence collaborated with the hospitality business community and cybersecurity technology providers to build an example solution demonstrating how hospitality organizations can use a standards-based approach and commercially available technologies to meet their security needs for protecting a hotel's property management system. This example solution is documented in the new NIST Cybersecurity Practice Guide, Special Publication (SP) 1800-27, Securing Property Management Systems.

Practitioners will find value in the featured cybersecurity approaches, which include the tenets of zero trust security, moving target defense, tokenization of credit card data, and role-based authentication to help reduce the risk of a network intrusion compromising the PMS. This guide describes risk reduction through terms found in the NIST Cybersecurity Framework and offers a brief exploration of the NIST Privacy Framework.

We welcome feedback and ideas at hospitality-nccoe@nist.gov.

Also see: NIST Offers Cybersecurity Guide Tailored to the Hospitality Industry
Created March 30, 2021