ISM-1028, ASD Information Security Manual (ISM)

Use NIDS/NIPS for Gateway Network Security

Install systems at network gateways to monitor and protect against unauthorised access or threats from other networks.

Plain language

We need to place smart security software where our network connects to the outside world. Why? Because it helps us spot and stop intruders before they can snoop around or cause trouble. If we don't do this, hackers could sneak in and access our sensitive data or cause disruptions, hurting our business and our reputation.

Framework

ASD Information Security Manual (ISM)

Control effect

Preventative

Classifications

NC, OS, P, S, TS

ISM last updated

Feb 2022

Control Stack last updated

19 Mar 2026

E8 maturity levels

N/A

Official control statement

A NIDS or NIPS is deployed in gateways between an organisation's networks and other networks they do not manage.

Why it matters

Lack of NIDS/NIPS at gateways exposes networks to undetected intrusions, risking data breaches and significant business disruptions.

Operational notes

Tune and update gateway NIDS/NIPS signatures, rules and baselines to detect new threats and reduce false positives.

Implementation tips

  • The IT team should identify key network gateways, which are the points where our network connects to the internet or other networks. They should pinpoint these using network maps and diagrams to ensure all possible entry points are protected.
  • IT professionals should install Network Intrusion Detection Systems (NIDS) or Network Intrusion Prevention Systems (NIPS) at these gateways to monitor traffic. They can do this by purchasing software from reputable vendors and following installation guides specific to each type of system.
  • Network administrators should regularly update the NIDS/NIPS software to keep it equipped against new threats. They should set a schedule for updates and conduct them outside of business hours to limit disruption.
  • The cybersecurity team should configure the NIDS/NIPS to alert them of unusual network activity. They can do this by setting thresholds and rules within the software to flag potential threats for further investigation.
  • Managers should provide training for IT staff on how to respond to alerts from NIDS/NIPS. They can hold workshops or online training sessions, ensuring staff know their roles when a threat is detected.

Audit / evidence tips

  • Ask: The network diagram showing all gateways. Confirm this document includes clear labels for each network gateway point. Good: Is a diagram with all gateways marked, updated in the past year.
  • Good: Is full coverage with current versions used.
  • Ask: Documentation of alert configurations. This should detail the rules set up in NIDS/NIPS for detecting threats. Good: Shows detailed thresholds and procedures outlined.
  • Good: Includes recent and frequent training sessions noted.
  • Ask: Update logs. These should show the schedule and completion of recent updates to the NIDS/NIPS software. Look to ensure updates align with recommended frequencies from software vendors. Good: Shows all systems routinely maintained and updated.

Cross-framework mappings

How ISM-1028 relates to controls across ISO/IEC 27001, ISO/IEC 42001, Essential Eight, and ASD ISM.

ISO 27001

Control Notes Details
Supports (1)
Annex A 8.16: ISM-1028 requires a NIDS/NIPS at network gateways to detect and/or prevent unauthorised or malicious traffic crossing organisational boun...
Related (1)
Annex A 8.20: Annex A 8.20 addresses securing and controlling networks and network devices across the environment to protect information in systems and...

These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.
