Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Securing Property Management Systems: Cybersecurity Practice Guide SP 1800-27

NIST's NCCoE has published Cybersecurity Practice Guide SP 1800-27, "Securing Property Management Systems."

In recent years criminals and other attackers have compromised the networks of several major hospitality companies, exposing the information of hundreds of millions of guests. A hotel property management system (PMS) is a prime target for attackers – it serves as the information technology  operations and data management hub of a hotel and could give a criminal access to a trove of valuable data.

The NIST National Cybersecurity Center of Excellence collaborated with the hospitality business community and cybersecurity technology providers to build an example solution demonstrating how hospitality organizations can use a standards-based approach and commercially available technologies to meet their security needs for protecting a hotel's property management system. This example solution is documented in the new NIST Cybersecurity Practice Guide, Special Publication (SP) 1800-27, Securing Property Management Systems.

Practitioners will find value in the featured cybersecurity approaches, which include the tenets of zero trust security, moving target defense, tokenization of credit card data, and role-based authentication to help reduce the risk of a network intrusion compromising the PMS. This guide describes risk reduction through terms found in the NIST Cybersecurity Framework and offers a brief exploration of the NIST Privacy Framework.

We welcome feedback and ideas at hospitality-nccoe [at] (subject: Feedback%20on%20NIST%20SP%201800-27) (hospitality-nccoe[at]nist[dot]gov).

Released March 30, 2021, Updated April 6, 2021