Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Guide to Intrusion Detection and Prevention Systems (IDPS)



Karen A. Scarfone, Peter M. Mell


The National Institute of Standards and Technology (NIST) developed this document in furtherance of its statutory responsibilities under the Federal Information Security Management Act (FISMA) of 2002, Public Law 107-347. This publication seeks to assist organizations in understanding intrusion detection system (IDS) and intrusion prevention system (IPS) technologies and in designing, implementing, configuring, securing, monitoring, and maintaining intrusion detection and prevention systems (IDPS). It provides practical, real-world guidance for each of four classes of IDPS: network-based, wireless, network behavior analysis software, and host-based. The publication also provides an overview of complementary technologies that can detect intrusions, such as security information and event management software. It focuses on enterprise IDPS, but most of the information in the publication is also applicable to standalone and small-scale IDPS deployments.
Special Publication (NIST SP) - 800-94
Report Number


FISMA, intrusion detection, intrusion detection and prevention, intrusion prevention


Scarfone, K. and Mell, P. (2007), Guide to Intrusion Detection and Prevention Systems (IDPS), Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], (Accessed May 20, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created February 20, 2007, Updated May 4, 2021