ISM-1028 ASD Information Security Manual (ISM)

Use NIDS/NIPS for Gateway Network Security

Install systems at network gateways to monitor and protect against unauthorised access or threats from other networks.

🏛️ Framework

ASD Information Security Manual (ISM)

🧭 Control effect

Preventative

🔐 Classifications

NC, OS, P, S, TS

🗓️ ISM last updated

Feb 2022

✏️ Control Stack last updated

22 Feb 2026

🎯 E8 maturity levels

N/A

Official control statement
A NIDS or NIPS is deployed in gateways between an organisation's networks and other networks they do not manage.

Source: ASD Information Security Manual (ISM)

Plain language

We need to place smart security software where our network connects to the outside world. Why? Because it helps us spot and stop intruders before they can snoop around or cause trouble. If we don't do this, hackers could sneak in and access our sensitive data or cause disruptions, hurting our business and our reputation.

Why it matters

Lack of NIDS/NIPS at gateways exposes networks to undetected intrusions, risking data breaches and significant business disruptions.

Operational notes

Tune and update gateway NIDS/NIPS signatures, rules and baselines to detect new threats and reduce false positives.

Implementation tips

  • The IT team should identify key network gateways, which are the points where our network connects to the internet or other networks. They should pinpoint these using network maps and diagrams to ensure all possible entry points are protected.
  • IT professionals should install Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) at these gateways to monitor traffic. They can do this by purchasing software from reputable vendors and following installation guides specific to each type of system.
  • Network administrators should regularly update the NIDS/NIPS software to keep it equipped against new threats. They should set a schedule for updates and conduct them outside of business hours to limit disruption.
  • The cybersecurity team should configure the NIDS/NIPS to alert them of unusual network activity. They can do this by setting thresholds and rules within the software to flag potential threats for further investigation.
  • Managers should provide training for IT staff on how to respond to alerts from NIDS/NIPS. They can hold workshops or online training sessions, ensuring staff know their roles when a threat is detected.

Audit / evidence tips

  • Ask: the network diagram showing all gateways. Confirm this document includes clear labels for each network gateway point.

    Good: a diagram with all gateways marked, updated in the past year.

  • Good: full coverage with current versions used.

  • Ask: documentation of alert configurations. This should detail the rules set up in the NIDS/NIPS for detecting threats.

    Good: detailed thresholds and procedures are outlined.

  • Good: recent and frequent training sessions are noted.

  • Ask: update logs. These should show the schedule and completion of recent updates to the NIDS/NIPS software. Check that updates align with the frequencies recommended by software vendors.

    Good: all systems are routinely maintained and updated.

Cross-framework mappings

How ISM-1028 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.

ISO 27001

Supports (1)

  • Annex A 8.16: ISM-1028 requires a NIDS/NIPS at network gateways to detect and/or prevent unauthorised or malicious traffic crossing organisational boun...

Related (1)

  • Annex A 8.20: Annex A 8.20 addresses securing and controlling networks and network devices across the environment to protect information in systems and...
