# Operational Best Practices for ENISA Cybersecurity guide for SMEs


Conformance packs provide a general-purpose compliance framework designed to enable you to create security, operational or cost-optimization governance checks using managed or custom AWS Config rules and AWS Config remediation actions. Conformance Packs, as sample templates, are not designed to fully ensure compliance with a specific governance or compliance standard. You are responsible for making your own assessment of whether your use of the Services meets applicable legal and regulatory requirements. 

The following provides a sample mapping between the European Union Agency for Cybersecurity (ENISA) Cybersecurity guide for SMEs and AWS managed Config rules. Each Config rule applies to a specific AWS resource, and relates to one or more ENISA Cybersecurity guide for SMEs controls. An ENISA Cybersecurity guide for SMEs control can be related to multiple Config rules. Refer to the table below for more detail and guidance related to these mappings. 

This sample conformance pack template contains mappings to controls adapted from the ENISA Cybersecurity guide for SMEs. The ENISA Cybersecurity guide for SMEs is available at [Cybersecurity guide for SMEs - 12 steps to securing your business](https://www.enisa.europa.eu/publications/cybersecurity-guide-for-smes).


****  
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/config/latest/developerguide/operational-best-practices-for-enisa-cybersecurity-guide-for-smes.html)

## Template


The template is available on GitHub: [Operational Best Practices for ENISA Cybersecurity guide for SMEs](https://github.com/awslabs/aws-config-rules/blob/master/aws-config-conformance-packs/Operational-Best-Practices-for-ENISA-Cybersecurity-Guide.yaml).