In 2019, the hospitality industry suffered 13 percent of all data breaches, ranking third highest among targeted industries. Two years later, NIST released SP 1800-27: Securing Property Management Systems to help hoteliers secure their property management systems (PMS) and associated patron data. The National Cybersecurity Center of Excellence (NCCoE) at NIST collaborated with cybersecurity solutions providers and the hospitality business community to create a zero-trust example implementation framework under which a PMS and related systems could be secured using existing off-the-shelf and open-source solutions.

This guide is intended to provide a standards-based example, and the specifics may be applied directly or replaced by comparable solutions. For the purpose of this guide, a reference PMS was created. It includes the PMS, a payment platform and a physical access control system. The goal was to audit for anomalies, implement role-based access control and protect sensitive data, as well as to employ network segmentation and moving-target defense under a zero-trust architecture.

Hotels and their Vectors of Attack

Hotels, with their mines of personally identifiable information, third-party plugins and electronic payment methods, have long been tantalizing targets for cyber-attacks. With high-profile breaches affecting some of the largest chains worldwide, a uniform strategy is necessary for securing the multiple data systems required to service global clientele and provide the electronic convenience needed to maintain a competitive edge.

As the publication states, “Hotel operators rely on a property management system (PMS) for daily administrative tasks such as reservations, availability, pricing, occupancy management, check-in/out, guest profiles, guest preferences, report generation, planning and record keeping, which includes financials.”

Along with this, consider “external systems such as room-key systems, restaurant and banquet solutions, sales and catering applications, minibars, telephone and call centers, revenue management, on-site spas, online travel agents, guest Wi-Fi, loyalty solutions and payment