ENISA CSIRT Maturity Framework

The ENISA CSIRT Maturity Framework is intended to contribute to the enhancement of the global capacity to manage cyber incidents, with a focus on CSIRTs. Cyber incidents and developments are inherently transnational and effective responses depend on transnational collaboration. The establishment of national CSIRTs1 is an essential step to facilitate the building of cyber capacity both within and across nations and make it more effective. The ENISA CSIRT Maturity Framework is aimed at parties involved in planning, building and leading such capacities with a concrete focus to increase maturity of all CSIRTs in the CSIRTs Network2.

The ENISA CSIRT Maturity Framework is built on three pillars:
1. the well-established OCF SIM33 standard;
2. the ENISA three-tier maturity approach: a series of three pre-defined steps that can be used as a guideline for the steps to be taken to increase maturity, complete with practical guidance on how to work with the Maturity Framework at different phases – from pre-
establishment to advanced levels of maturity;
3. the ENISA assessment methodology: self-assessment and peer-reviews applied in the
CSIRTs Network.