In collaboration with the Global Cyber Security Capacity Centre (GCSCC) and the Norwegian Institute of International Affairs (NUPI) the Cybersecurity Capacity Centre for Southern Africa (C3SA) undertook a review of the maturity of cybersecurity capacity in the Kingdom of Lesotho (Lesotho) at the invitation of the Ministry of Information, Communications, Technology and Innovation (MICSTI).



The aim of this project was to carry out a review and provide evidence for the maturity of Lesotho’s cybersecurity capacity. This assessment enables the government to gain a better understanding of its cybersecurity capacity with the aim of prioritising investment strategically in cybersecurity capacities.


This is the second CMM review of Lesotho and it follows one that was conducted in 2019.

This CMM study is set to use the new CMM 2021 Edition with additional indicators that include international cooperation, cybersecurity expertise and human rights impact assessment.

The CMM supports the review of cybersecurity capacity in terms of five dimensions: Cybersecurity Policy and Strategy; Cybersecurity Culture and Society; Building Cybersecurity Knowledge and Capabilities; Legal and Regulatory Frameworks; and Standards and Technologies.

The assessment aims to contribute towards achieving cybersecurity resilience not only through gaining a more profound understanding of international cybersecurity capacity but also by increasing effective investment into cybersecurity capacity based on a rigorous analysis of data collected through the model implementation. Through the application of the CMM, critical gaps in all areas of national cybersecurity were identified and filled with scalable and effective measures, in cooperation with international partners.


As a result of the CMM assessment report, the C3SA team published a CMM Report in 2023.


The Ministry of Communications, Science, and Technology together with the Lesotho Communications Authority (LCA) have identified the relevant stakeholders to participate in the CMM which are; Academia, Civil Society Groups, and Internet Governance Representatives Universities, Criminal Justice and Law Enforcement, Defense and Intelligence Community, Government Ministries, Legislators/ Policy owners, Parliamentarians, Computer Security Incident Response Team (CSIRT) and Information Technology (IT) Leaders from Government and the Private Sector, Critical National Infrastructure, Private Sector and Business, and International Cooperation.

  • From the 9th  – 12th of May 2022 a hybrid international workshop and roundtable were run to collect information for the CMM review. Between 10th and 12th May 2022, focus-group discussions for the review took place, in person, in Maseru. Throughout these discussions, civil society, public and private sectors were represented and generously contributed to discussions.

Other website links to include

Lesotho to contribute in Cyber security Maturity Model review | Infomativenews (

The Cybil project repository is being continuously updated, and the information it contains is either publicly available, or consent for publication was given by the owner. Please contact the portal manager with any additional information or corrections. Whilst every reasonable effort is made to keep the content of this inventory accurate and up to date, no warranty or representation of any kind, express or implied, is made in relation to the accuracy, completeness or adequacy of the information contained in these pages.