A HIPS or EDR solution is implemented on critical servers and high-value servers.
Topic
Host-based intrusion detection and response
Applicable to
Non Classified, Official, Protected, Secret, Top Secret
History
Priority
recommended
Mar 2025
A HIPS or EDR solution is implemented on critical servers and high-value servers.
The existing control recommending that a HIPS is implemented on critical servers and high-value servers was amended to specify that either a HIPS or EDR solution can be used.
Mar 2022
A HIPS is implemented on critical servers and high-value servers.
Miscellaneous changes were made to rationale and recommendations throughout the publication to clarify content without changing intent. This included a review from the Guidelines for System Hardening chapter through to the Guidelines for Data Transfers chapter.
2015
HIPS must be used on high value servers, such as authentication servers (e.g. ActiveDirectory Domain Controllers and RADIUS servers), DNS servers, web servers, file servers andemail servers.
2010
It is recommended agencies install host-based IDSs on DNS, email, web and other high value servers.