Intrusion Detection
Detect malicious activity and unauthorized access attempts.
9 of 9 frameworks cover this control
Framework Mappings
How Intrusion Detection maps to each of the 9 cybersecurity frameworks tracked by ControlMap.
| Framework | Status | Control IDs |
|---|---|---|
| NIST CSF 2.0 | Covered | DE.CM-01 |
| ISO 27001 | Covered | A.8.16 |
| CIS v8 | Covered | CIS 13.1, CIS 13.3 |
| SOC 2 | Covered | CC7.2 |
| PCI DSS | Covered | 11.4.1, 11.4.2, 11.4.3 |
| CMMC | Covered | SI.L2-3.14.6 |
| 800-53 | Covered | SI-4 |
| HIPAA | Covered | §164.308(a)(1)(ii)(D), §164.312(b) |
| GDPR | Covered | Art.32(1)(d), Art.33(1) |
About Intrusion Detection
Intrusion Detection is a cybersecurity control in the Detect domain that covers detecting malicious activity and unauthorized access attempts. Intrusion detection systems (IDS) and intrusion prevention systems (IPS) monitor network traffic and system activity for signatures of known attacks, anomalous behavior, and policy violations. Network-based sensors are deployed at strategic points such as network perimeters, internal segment boundaries, and in front of critical assets, while host-based agents monitor individual systems for suspicious activity. Organizations should tune detection rules to minimize false positives, integrate alerts with SIEM platforms for correlation, and maintain up-to-date signature databases supplemented by behavioral and heuristic detection capabilities.
This control is recognized by 9 of the 9 major frameworks: NIST CSF 2.0, ISO 27001, CIS v8, SOC 2, PCI DSS, CMMC, 800-53, HIPAA, GDPR. It has full coverage across all 9 frameworks.