The Global CSIRT Maturity Framework

Publish Date: 1 April 2021

The Global CSIRT Maturity Framework is intended to contribute to the enhancement of global cyber incident management capacity, with a focus on national CSIRTs. Cyber incidents and developments are inherently transnational and effective response is dependent upon transnational collaboration. The establishment of national CSIRTs is an essential step to facilitate cyber capacity building both within and across nations and make it more effective. The Global CSIRT Maturity Framework is aimed at parties involved in planning, building and leading such capacities.

The Framework includes a well-established maturity model, as well as an elaboration of pre-defined maturity stages that can be used as a guideline for steps towards increased maturity, complete with practical guidance on how to work with the maturity model at different phases – from pre-establishment to advanced stages of maturity. It is important to recognise that the framework is not intended to be prescriptive, but is meant to support and stimulate national efforts on building and improving cyber incident response capacity. However, the maturity stages that have been defined are based on extensive experience and expertise in the CSIRT community and offer valuable guidance for national CSIRTs with regard to the quality level to aspire to. The Global CSIRT Maturity Framework combines previous models that are widely recognised and adopted. In particular, the Open CSIRT Foundation SIM3 model and the European Union Network and Information Security Agency (ENISA) three-tier maturity approach are used as a basis for this Global CSIRT Maturity Framework for national CSIRTs.

The updated version 2.0 includes more in-depth information and explanation about the relevance of different parameters of the maturity model for national CSIRTs.

Version 1.0 from June 2019 can be accessed here.

Related project – CSIRT Maturity Initiative (*GFCE Initiative)