Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Property Management Systems: Draft SP 1800-27 Available for Comment

The National Cybersecurity Center of Excellence has released Draft NIST Cybersecurity Practice Guide (SP 1800-27), "Securing Property Management Systems," for public comment. The comment period closes on October 28, 2020.

Hotels have become targets for malicious actors wishing to exfiltrate sensitive data, deliver malware, or profit from undetected fraud. Property management systems, which are central to hotel operations, present attractive attack surfaces.

NIST's National Cybersecurity Center of Excellence (NCCoE) collaborated with the hospitality business community and cybersecurity technology providers to build an example solution demonstrating how hospitality organizations can use a standards-based approach and commercially available technologies to meet their security needs for protecting a hotel's property management system. This example solution is described in Draft Special Publication (SP) 1800-27Securing Property Management Systems.

The principal capabilities found in the guide include protecting sensitive data, enforcing role-based access control, and monitoring for anomalies. Principal recommendations include implementing cybersecurity concepts such as zero trust, moving target defense, tokenization of credit card data, and role-based authentication. 

Released September 14, 2020, Updated October 8, 2020