docs: add ENISA NIS2 reference to best practice intro

.spelling

@@ -129,6 +129,7 @@ ArgoCD
 Arsh
 ArtifactHUB
 ArtifactHub
+APP.4.4
 AzureDNS
 BasicConstraints
 Bullseye
@@ -189,6 +190,7 @@ CryptoKey
 csi-driver
 csi-driver-spiffe
 Ctrl
+cybersecurity
 DCO
 DHCP
 DNS01
@@ -214,6 +216,7 @@ EKS
 ELB
 Ed25519
 Encrypter
+ENISA
 Fargate
 FastDNS
 FreeIPA
@@ -227,6 +230,7 @@ GKE
 GitOps
 github-actions
 gRPC
+Grundschutz
 GSoC
 Gloo
 GoDaddy
@@ -281,6 +285,7 @@ Makefile
 Makefiles
 NameCheap
 NGINX
+NIS2
 NLB
 NLBs
 NotIn
@@ -602,6 +607,7 @@ v1.18.0.
 v1.19
 v1.19.0
 v1.19.1
+v1.2
 v1.20.0
 v1.19.2
 v1.20.0

content/docs/installation/best-practice.md

@@ -3,17 +3,27 @@ title: Best Practice
 description: |
     Learn about best practices for deploying cert-manager in production,
     and how to configure cert-manager to comply with popular security standards
-    such as those produced by the CIS, NSA, and BSI.
+    such as those produced by the CIS, NSA, BSI, and ENISA.
 ---
 
-In this section you will learn how to configure cert-manager to comply with popular security standards such as
-the [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/),
-the [NSA Kubernetes Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF), or
-the [BSI Kubernetes Security Recommendations](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf?__blob=publicationFile&v=2#page=475).
-
-And you will learn about best practices for deploying cert-manager in production;
-such as those enforced by tools like [Datree and its built in rules](https://hub.datree.io/built-in-rules),
-and those documented by the likes of [LearnKube in their "Kubernetes production best practices" checklist](https://learnkube.com/production-best-practices/).
+In this section you will learn how to configure cert-manager to comply with popular security standards
+and hardening guidelines for Kubernetes. The recommendations in this guide are informed by the
+following standards:
+
+- [CIS Kubernetes Benchmark](https://www.cisecurity.org/benchmark/kubernetes/), published by the
+  Center for Internet Security, covering secure configuration of Kubernetes components including TLS,
+  RBAC, and network policies.
+- [NSA/CISA Kubernetes Hardening Guide](https://media.defense.gov/2022/Aug/29/2003066362/-1/-1/0/CTR_KUBERNETES_HARDENING_GUIDANCE_1.2_20220829.PDF)
+  (v1.2, August 2022), joint guidance from the United States National Security Agency and CISA on hardening
+  Kubernetes clusters against supply chain, threat actor, and insider risks.
+- [BSI IT-Grundschutz Compendium](https://www.bsi.bund.de/SharedDocs/Downloads/EN/BSI/Grundschutz/International/bsi_it_gs_comp_2022.pdf?__blob=publicationFile&v=2),
+  Germany's Federal Office for Information Security (BSI) baseline protection framework, including
+  module APP.4.4 for Kubernetes.
+- [ENISA NIS2 Technical Implementation Guidance](https://www.enisa.europa.eu/publications/nis2-technical-implementation-guidance),
+  published by the EU Agency for Cybersecurity, providing practical guidance and standard mappings for
+  implementing the cybersecurity risk-management measures required by
+  [Commission Implementing Regulation (EU) 2024/2690](https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:32024R2690)
+  under the [NIS2 Directive (EU 2022/2555)](https://eur-lex.europa.eu/eli/dir/2022/2555).
 
 ## Overview