NCCoE Hospitality Project Requests Feedback on Practice Guide

We are pleased to announce the release of the draft National Institute of Standards and Technology (NIST) Special Publication (SP) 1800-27: Securing Property Management Systems. The NIST National Cybersecurity Center of Excellence (NCCoE) seeks your feedback on this cybersecurity practice guide. The comment period is open until October 28, 2020

An Essential Resource for the Hotel Tech Community

Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces.

The NIST NCCoE collaborated with the hospitality business community and cybersecurity technology providers to build an example solution demonstrating how hospitality organizations can use a standards-based approach and commercially available technologies to meet their security needs for protecting a hotel's property management system.

The principal capabilities found in the guide include protecting sensitive data, enforcing role-based access control, and monitoring for anomalies. Principal recommendations include implementing cybersecurity concepts such as zero trust, moving target defense, tokenization of credit card data, and role-based authentication. 

Share Your Thoughts 

We look forward to receiving your comments on this draft guide regarding the approach, the architecture, and possible alternatives.

Submit comments online or via email to hospitality-nccoe@nist.gov.