Securing Property Management Systems

Current Status

The public comment period for the NCCoE's draft project description Securing Property Management Systems: Cybersecurity for the Hospitality Sector is now closed. The project team will take all comments into consideration while preparing to publish a final project description. For a brief overview of this project, please read the two-page fact sheet.

To stay up to date on this project, please subscribe to the NCCoE Hospitality email list. If you are interested in helping shape this and future NCCOE hospitality projects, please consider joining the Hospitality Sector Community of Interest. If you have questions or are interested in joining our Community of Interest, please email the project team at hospitality-nccoe@nist.gov. 

Summary

Hospitality organizations rely on Property Management Systems (PMS) for daily tasks, planning, and record keeping. As the operations hub, the PMS interfaces with several services and components within a hotel’s IT system, such as Point-of-Sale (POS) systems, door locks, Wi-Fi networks, and other guest service applications. Adding to the complexity of the network, external business partners’ components and services are also typically connected to the PMS, such as on-premises spas or restaurants, online travel agents, and customer relationship management partners or applications (on-premises or cloud-based). The numerous connections to and users of the PMS could provide a broader surface for attack by malicious actors. Improving the security of the PMS can help protect the business from network intrusions that might lead to data breaches and fraud. 

Based on industry research and in collaboration with hospitality industry stakeholders, the NCCoE is proposing a solution to better secure the PMS and its connections within a hotel’s IT system that implements layers of security: point-to-point encryption, data tokenization, multifactor authentication for remote and partner access, network and user behavior analytics, and business-only usage restrictions.

Building on this collaboration with the hospitality business community and vendors of cybersecurity solutions, the NCCoE will explore methods to strengthen the security of the PMS and its connections and will develop an example implementation composed of open-source and commercially available components. This project will produce a NIST Cybersecurity Practice Guide—a publicly available description of the solution and practical steps needed to effectively secure the PMS and its many connections within the hotel IT system.

Join Our Community of Interest

Interested in joining the Securing Property Management Systems Community of Interest? Contact us!

A Community of Interest is a group of professionals and technical advisors convened to support the cybersecurity resiliency of the U.S. economy. Read More.

News and Events