Documentation
HECVAT Full v3.0.6
Firewalls, IDS, IPS, and Networking
FIDP-06

Question FIDP-06

Do you employ host-based intrusion detection?

Weight25
High RiskYes
RequiredYes
Compliant AnswerYes

Standard Guidance

EDUCAUSE provides no guidance here

Answering "NO"

Describe your plan to implement host-based Intrusion Detection System capabilities in your environment.

Answering "YES"

Describe the currently implemented host-based IDS solution(s).

Reason for Question

It is important to have detective capabilities in an information system to protect institutional data. Because this is somewhat expected in information systems, vendors without IDSs implemented should raise concerns. Compensating controls need future evaluation, if provided by the vendor.

Follow-Up Inquiries

Ask the vendor to summarize why host-based intrusion detection tools are not implemented in their environment. What compensating controls are in place to detect configuration changes and/or failures of integrity?

HECVAT Pro Advice

[Add expert insights and best practices]

Implementation Tips

[Add practical steps for SME SaaS vendors]

FAQ

[Add common questions related to this HECVAT item]

Resources

[Add links to relevant articles or tools]