NIST Publishes Cybersecurity Guidance for Hospitality Industry
Hotel owners and property managers are tasked with keeping their guests and staff secure. However, the personal information and credit card data these companies take on needs to be protected as well, and the National Institute of Standards and Technology (NIST) has published guidelines to help the hospitality industry do just that.
Entitled Securing Property Management Systems — which includes NIST Special Publication [SP] 1800-27 a, b and c — the guidance shows an approach to securing a property management system (PMS). The guide demonstrates this approach using commercially available products, giving hotel owners the ability to control and limit access to their PMS and protect guest privacy and payment card information.
Cybersecurity has been a pressing issue for the hospitality industry at least since 2019. According to an industry report, the hospitality industry ranked third in percent of data breaches, representing 13 percent of all breaches in 2019. Approximately two-thirds of these breaches were attacks on corporate servers, which often house guest information and communicate with onsite property management systems.
The National Cybersecurity Center of Excellence (NCCoE) partnered with the hospitality business community and cybersecurity technology providers to build an example system, also known as the “PMS reference design,” that simulates a hotel’s PMS and connected IT infrastructure. That connected infrastructure includes an electronic payment system and electronic door locks. The design protects data moving within this environment and prevents user access to various systems and services.
This design utilizes commercially available technologies to function, but NIST’s guide does not endorse any specific products. However, all technologies used in the solution support security standards and guidelines of the NIST Cybersecurity Framework, and the design aligns with the privacy protection activities and desired outcomes of the NIST Privacy Framework. The guide also introduces the tenets and components found in a recent NIST publication on zero trust architecture, which focuses on resource protection.
If you need help reinforcing your cybersecurity stance through regulatory compliance and tightened controls, we can help. Contact 2W Tech today to get started with your Cybersecurity Compliance Program and let our IT consultants do the work for you.