NIST SPECIAL PUBLICATION 1800-27
Securing Property
Management Systems
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B);
and How-To Guides (C)
William Newhouse
Michael Ekstrom
Jeff Finke
Marisa Harriston
FINAL
This publication is available free of charge from:
https://doi.org/10.6028/NIST.SP.1800-27
The first draft of this publication is available free of charge from:
https://www.nccoe.nist.gov/projects/use-cases/securing-property-management-systems
NIST SPECIAL PUBLICATION 1800-27
Securing Property Management Systems
Includes Executive Summary (A); Approach, Architecture, and Security Characteristics (B);
and How-To Guides (C)
William Newhouse
Information Technology Laboratory
National Institute of Standards and Technology
Michael Ekstrom
Jeff Finke
Marisa Harriston
The MITRE Corporation
McLean, VA
FINAL
March 2021
U.S. Department of Commerce
Gina M. Raimondo, Secretary
National Institute of Standards and Technology
James K. Olthoff, Acting NIST Director and Acting Under Secretary of Commerce for Standards and Technology
NIST SPECIAL PUBLICATION 1800-27A
Securing Property
Management Systems
Volume A:
Executive Summary
William Newhouse
Information Technology Laboratory
National Institute of Standards and Technology
Michael Ekstrom
Jeff Finke
Marisa Harriston
The MITRE Corporation
McLean, Virginia
March 2021
FINAL
Executive Summary
In recent years criminals and other attackers have compromised the networks of several major hotel
chains, exposing the information of hundreds of millions of guests. Breaches like these can result in huge
financial loss, operational disruption, and reputational harm, along with lengthy regulatory
investigations and litigation. Hospitality organizations can reduce the likelihood of a hotel data breach
by strengthening the cybersecurity of their property management system (PMS). The PMS is an
attractive target for attackers because it serves as the information technology (IT) operations and data
management hub of a hotel. This cybersecurity practice guide shows an approach to securing a PMS and
the system of guest services it supports. It offers how-to guidance for building a reference design using
commercially available products within a zero trust architecture to mitigate cybersecurity risk that
includes role-based access control, privileged access management, network segmentation, moving
target defense, and data protection.
CHALLENGE
Hospitality organizations rely on a PMS for
daily tasks, planning, and record keeping. As
the operations hub, the PMS interfaces with several services and components within a
hotel’s IT systems, such as point-of-sale (POS)
systems, physical access control systems,
Wi-Fi networks, and other guest service
applications. A PMS and its extended systems store, process, and transmit a variety of sensitive guest
information, including payment card information and personally identifiable information. An unsecured
or poorly secured PMS could expose a hotel–and the larger hospitality organization of which the hotel is
a part–to a significant and costly data breach, which may result in financial penalties for violating state,
federal, and international privacy and other regulatory regimes.
This practice guide can he