Risk Management for SMB Business Leaders: Guidance for Compliance on AWS
AWS Smart Business Blog
This article provides guidance for small and medium-sized businesses (SMBs) on managing compliance and security risks when using AWS. It emphasizes the importance of robust cybersecurity measures to protect assets, build customer trust, and unlock business opportunities.
Specifically, the article covers:
- The National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) and its six core functions (Identify, Protect, Detect, Respond, Recover, Govern).
- The Institute of Internal Auditors (IIA) Three Lines Model for managing compliance: first line (risk management), second line (risk oversight), and third line (independent assurance).
- Mapping the Three Lines Model to the NIST CSF functions.
- AWS services and solutions (Control Tower, Security Hub, GuardDuty, Inspector, etc.) that align with the NIST CSF and support compliance.
- A sample use case for implementing NIST compliance using AWS services like the Landing Zone Accelerator.