Increasing Reliance on Technology in the Hospitality Sector

The role of technology in the hospitality industry is growing rapidly, and the PMS is increasingly integrated with systems and services that extend well beyond front desk operations. As the operations hub, the PMS interfaces with services and components within a property’s IT systems, such as Point-of-Sale systems, door locks, Wi-Fi networks, and other guest service applications. Adding to the complexity of connections, external business partners’ components and services are also typically connected to the PMS, such as on-site spas or restaurants, online travel agents, and customer relationship management partners or applications. This expanding PMS ecosystem provides a wider attack surface for vulnerabilities to be exploited by malicious actors. Improper configuration of the diverse applications that connect to or run through a PMS can create cybersecurity vulnerabilities.

Advancing the State of Cybersecurity for Hospitality Organizations

The NCCoE is working closely with the hospitality business community, managed security service providers, and cybersecurity technology vendors to develop a standards-based reference design that aims to advance the cybersecurity of property management systems and to demonstrate:

  • system protection and authentication with enforcement that will help prevent damage to PMS functionality and security
  • data protection and encryption to reduce the risk of a data breach of guest payment card information or personally identifiable information, and to protect the confidentiality and integrity of system data
  • auditing and analytics such as complete, real-time auditing and reporting of user activity

In partnership with technology collaborators, the NCCoE will build the reference design in a lab environment. The following diagram depicts the reference design’s high-level architecture.

The reference design will use commercially available products from the project’s technology collaborators—CryptoniteNXTForeScoutHäfele AmericaRemediantStrongKey, and TDi Technologies—along with open source products.

How to Participate

Interested parties are encouraged to engage with us through our project web page.

If you have additional comments, questions, or would like to join the Community of Interest helping to guide this project and provide feedback, please email us at

*Certain commercial entities, equipment, products, or materials may be identified to describe an experimental procedure or concept adequately. Such identification is not intended to imply recommendation or endorsement by NIST or NCCoE, nor is it intended to imply that the entities, equipment, products, or materials are necessarily the best available for the purpose.