NIST SP 800-94 Rev. 1 (Initial Public Draft)

Guide to Intrusion Detection and Prevention Systems (IDPS)

Date Published: July 2012
Comments Due: August 31, 2012 (public comment period is CLOSED)

Planning Note (07/15/2022): This draft document has been retired. The inputs and comments to the draft were no longer applicable to the relevant threat models. NIST will announce when it initiates work to provide new guidance for IDS/IPS.


Karen Scarfone (Scarfone Cybersecurity), Peter Mell (NIST)


NIST announces the public comment release of Draft Special Publication (SP) 800-94 Revision 1, Guide to Intrusion Detection and Prevention Systems (IDPS). This publication describes the characteristics of IDPS technologies and provides recommendations for designing, implementing, configuring, securing, monitoring, and maintaining them. The types of IDPS technologies are differentiated primarily by the types of events that they monitor and the ways in which they are deployed. This publication discusses the following four types of IDPS technologies: network-based, wireless, network behavior analysis (NBA), and host-based. Draft SP 800-94 Revision 1 updates the original SP 800-94, which was released in 2007.



Keywords

information security; intrusion detection

Control Families

Audit and Accountability; Incident Response; Planning


Draft SP 800-94 Rev. 1 (pdf)

Supplemental Material:
None available

Document History:
07/25/12: SP 800-94 Rev. 1 (Draft)