NIST 800-53 REV 5 • SYSTEM AND INFORMATION INTEGRITY

SI-4(1) System-wide Intrusion Detection System

Connect and configure individual intrusion detection tools into a system-wide intrusion detection system.

CMMC Practice Mapping

No direct CMMC mapping

NIST 800-171 Mapping

No direct NIST 800-171 mapping

Related Controls

No related controls listed

Supplemental Guidance

Linking individual intrusion detection tools into a system-wide intrusion detection system provides additional coverage and effective detection capabilities. The information contained in one intrusion detection tool can be shared widely across the organization, making the system-wide detection capability more robust and powerful.

Practitioner Notes

Deploy intrusion detection across your entire system, not just at the perimeter. Attackers who bypass perimeter defenses must still be detected inside.

Example 1: Deploy network IDS sensors (Suricata, Snort) at your perimeter, between major network segments, and in front of critical servers. Each sensor feeds alerts to your central SIEM for correlation. Do not just watch the front door — watch the hallways too.

Example 2: Use Microsoft Defender for Endpoint as a host-based IDS on every workstation and server. It detects threats on the endpoint itself, regardless of how the attacker got in — phishing, USB drive, compromised website, or insider threat.
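The central correlation step that Examples 1 and 2 rely on can be sketched as follows. This is an added illustration, not part of the NIST control text or any product's code. It assumes network sensors emit Suricata EVE JSON alerts with a `host` sensor name, that host alerts arrive in a simplified hypothetical format, and that the internal range and the 10-minute window are site-specific choices.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed sample data. Network lines use Suricata EVE JSON alert fields;
# host records use a simplified, hypothetical format, not a vendor schema.
EVE_LINES = [
    '{"timestamp":"2024-05-01T12:00:05.000000+0000","event_type":"alert","host":"perimeter-1","src_ip":"203.0.113.7","dest_ip":"10.0.1.20","alert":{"signature":"Constructed rule A"}}',
    '{"timestamp":"2024-05-01T12:03:10.000000+0000","event_type":"alert","host":"segment-db","src_ip":"10.0.1.20","dest_ip":"10.0.5.9","alert":{"signature":"Constructed rule B"}}',
    '{"timestamp":"2024-05-01T12:04:00.000000+0000","event_type":"flow","host":"segment-db","src_ip":"10.0.1.20","dest_ip":"10.0.5.9"}',
    '{"timestamp":"2024-05-01T14:00:00.000000+0000","event_type":"alert","host":"perimeter-1","src_ip":"198.51.100.4","dest_ip":"10.0.2.30","alert":{"signature":"Constructed rule A"}}',
]
HOST_ALERTS = [{"time": "2024-05-01T12:02:00.000000+0000", "agent": "edr-agent",
                "ip": "10.0.1.20", "title": "Constructed host detection"}]
INTERNAL = ip_network("10.0.0.0/8")   # assumption: the organization's address space
WINDOW = timedelta(minutes=10)        # assumption: correlation window
FMT = "%Y-%m-%dT%H:%M:%S.%f%z"

def normalize(eve_lines, host_alerts):
    """Map both alert sources onto one schema: (time, sensor, asset, detail)."""
    events = []
    for line in eve_lines:
        rec = json.loads(line)
        if rec.get("event_type") != "alert":
            continue  # flow, dns and similar records are telemetry, not detections
        when = datetime.strptime(rec["timestamp"], FMT)
        for ip in {rec["src_ip"], rec["dest_ip"]}:
            if ip_address(ip) in INTERNAL:  # key each alert to the internal asset(s)
                events.append((when, rec["host"], ip, rec["alert"]["signature"]))
    for rec in host_alerts:
        when = datetime.strptime(rec["time"], FMT)
        events.append((when, rec["agent"], rec["ip"], rec["title"]))
    return sorted(events)

def correlate(events, window=WINDOW, min_sensors=2):
    """Return {asset: sensors} where several distinct sensors alerted within window."""
    by_asset = defaultdict(list)
    for ev in events:
        by_asset[ev[2]].append(ev)
    findings = {}
    for asset, evs in by_asset.items():
        # Largest set of distinct sensors seen in any window starting at an alert
        best = max(({e[1] for e in evs[i:] if e[0] - evs[i][0] <= window}
                    for i in range(len(evs))), key=len)
        if len(best) >= min_sensors:
            findings[asset] = sorted(best)
    return findings

if __name__ == "__main__":
    print(correlate(normalize(EVE_LINES, HOST_ALERTS)))
```

In the sample, 10.0.1.20 is flagged because the perimeter sensor, the endpoint agent, and the segment sensor all alerted on it within the window, a pattern no single tool would surface on its own.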