Securing Property Management Systems

Download the Practice Guide

The NCCoE recently released the final NIST Cybersecurity Practice Guide SP 1800-27, Securing Property Management Systems. Use the buttons below to view this publication in its entirety or scroll down for links to a specific section.

Download PDF » Open Web Version »

Current Status

The NCCoE recently released the final version of NIST Cybersecurity Special Publication 1800-27, Securing Property Management Systems. 

  • SP 1800-27A: Executive Summary (PDF) (web page)
  • SP 1800-27B: Approach, Architecture, and Security Characteristics (PDF) (web page)
  • SP 1800-27C: How-To Guides (PDF) (web page)

You can also download the complete guide (PDF) or watch the following video to learn more.

If you have questions, suggestions or ideas for collaboration, please email us at hospitality-nccoe@nist.gov. You can also subscribe to receive NCCoE Hospitality notifications.

Summary

In recent years, criminals and other attackers have compromised the networks of several major hospitality companies, exposing personal information of guests. A hotel property management system (PMS) is a prime target for attackers as it manages the operations and holds valuable data.

Hotel operators rely on a property management system (PMS) for daily administrative tasks such as reservations, availability, pricing, occupancy management, check-in/out, guest profiles, guest preferences, report generation, planning, and record keeping which includes financials. The PMS connects with other applications such as the hotel point-of-sales (POS) and central reservation systems (CRS). Additionally, the PMS links to most of the other internal and external hospitality and business systems.

NIST’s NCCoE collaborated with the hospitality business community and cybersecurity technology providers to build a reference design which demonstrates how hospitality organizations can use a standards-based approach with commercially available technologies to meet their security needs for protecting property management systems.

The reference design incorporates aspects of zero trust architecture, moving target defense, and data tokenization to reduce cybersecurity and privacy risk for a hotel’s PMS.

For a brief overview of this project, please read the two-page fact sheet. More in-depth information can be found in the project description for Securing Property Management Systems.

Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.

CryptoniteNXT
ForeScout logo
Hafele
Remediant
StrongKey logo
TDI Technologies logo