In recent years, criminals and other attackers have compromised the networks of several major hospitality companies, exposing personal information of guests. A hotel property management system (PMS) is a prime target for attackers as it manages the operations and holds valuable data.
Hotel operators rely on a property management system (PMS) for daily administrative tasks such as reservations, availability, pricing, occupancy management, check-in/out, guest profiles, guest preferences, report generation, planning, and record keeping which includes financials. The PMS connects with other applications such as the hotel point-of-sales (POS) and central reservation systems (CRS). Additionally, the PMS links to most of the other internal and external hospitality and business systems.
NIST’s NCCoE collaborated with the hospitality business community and cybersecurity technology providers to build a reference design which demonstrates how hospitality organizations can use a standards-based approach with commercially available technologies to meet their security needs for protecting property management systems.
The reference design incorporates aspects of zero trust architecture, moving target defense, and data tokenization to reduce cybersecurity and privacy risk for a hotel’s PMS.
For a brief overview of this project, please read the two-page fact sheet. More in-depth information can be found in the project description for Securing Property Management Systems.