Hi All,
The NCCoE has released a draft of NIST Cybersecurity Special Publication 1800-27, Securing Property Management Systems.
The principal capabilities include protecting sensitive data, enforcing role-based access control, and monitoring for anomalies. The principal recommendations include implementing cybersecurity concepts such as
zero trust, moving target defense, tokenization of credit card data, and role-based authentication.
To build the example implementation, hereafter known as the PMS ecosystem, the project collaborators reached consensus on an architecture that implements aspects of a
zero-trust architecture (ZTA), moving target defense (MTD), and data tokenization to reduce cybersecurity risk for a hotel's PMS.
------------------------------
Michael Roza CPA, CISA, CIA
------------------------------