Securing Property Management Systems

Current Status

The NCCoE has posted its Federal Register notice (FRN) for the Securing Property Management Systems project, thereby inviting technology vendors to participate in the collaborative project.

This project will use commercially available and open-source technologies to develop a cybersecurity reference design that can be implemented to help protect hospitality organizations from network intrusions that might lead to data breaches and fraud. The FRN launches a collaborative effort between the NCCoE and technology companies to address cybersecurity challenges identified in the Securing Property Management Systems project description.

If after reviewing the FRN, you as a technology provider are interested in providing products or technical expertise as a collaborator on the reference design for this project, please send an email to requesting a Letter of Interest template.

To stay up to date on this project, please subscribe to the NCCoE Hospitality email list. If you are interested in helping shape this and future NCCoE hospitality projects, please consider joining the Hospitality Sector Community of Interest by emailing the project team at 


Hospitality organizations rely on Property Management Systems (PMS) for daily tasks, planning, and record keeping. As the operations hub, the PMS interfaces with several services and components within a hotel’s IT system, such as Point-of-Sale (POS) systems, door locks, Wi-Fi networks, and other guest service applications. Adding to the complexity of connections, external business partners’ components and services are also typically connected to the PMS, such as on-premise spas or restaurants, online travel agents, and customer relationship management partners or applications (on-premise or cloud-based). The numerous connections to and users of the PMS could provide a broader surface for attack by malicious actors. Demonstrating methods to improve the security of the PMS can help protect the business from network intrusions that might lead to data breaches and fraud.

The NCCoE aims to help hospitality organizations implement stronger security measures within and around the PMS, with a focus on the POS system through network segmentation, point-to-point encryption, data tokenization, multifactor authentication for remote and partner access, network and user behavior analytics, and business-only usage restrictions. NCCoE cybersecurity experts will collaborate with members of the hospitality sector and vendors of cybersecurity technologies to develop a reference design addressing this challenge. This project will produce a NIST Cybersecurity Practice Guide—a freely available description of the solution and practical steps needed to effectively secure the PMS and its many connections within the hotel IT system.

For a brief overview of this project, please read the two-page fact sheet; for more in-depth information, read the finalized project description for Securing Property Management Systems.