ABSTRACT

Securing Property Management Systems   [open pdf - 36MB]

From the Executive Summary: "In recent years criminals and other attackers have compromised the networks of several major hotel chains, exposing the information of hundreds of millions of guests. Breaches like these can result in huge financial loss, operational disruption, and reputational harm, along with lengthy regulatory investigations and litigation. Hospitality organizations can reduce the likelihood of a hotel data breach by strengthening the cybersecurity of their property management system (PMS). The PMS is an attractive target for attackers because it serves as the information technology (IT) operations and data management hub of a hotel. This cybersecurity practice guide shows an approach to securing a PMS and the system of guest services it supports. It offers how-to guidance for building a reference design using commercially available products within a zero trust architecture to mitigate cybersecurity risk that includes role-based access control, privileged access management, network segmentation, moving target defense, and data protection."

Report Number:
NIST Special Publication 1800-27; National Institute of Standards and Technology Special Publication 1800-27
Author:
Publisher:
Date:
2021-03
Copyright:
Public Domain
Retrieved From:
National Institute of Standards and Technology: https://www.nist.gov/
Format:
pdf
Media Type:
application/pdf
URL:
Help with citations