News Item

CSIRTs Maturity: Moving to the Next Level

The European Union Agency for Cybersecurity issues a new version of the CSIRT maturity framework to improve national CSIRTs capacity.

Published on February 23, 2022

The maturity framework released today builds upon the existing maturity framework developed in 2019 by the European Union Agency for Cybersecurity, ENISA, for the Cybersecurity Incident Response Teams (CSIRTs).

The CSIRT maturity framework is used by the CSIRTs Network members to understand, maintain and improve their maturity. The framework is intended to contribute to the enhancement of cyber incident management capacity, with a focus on national CSIRTs.

CSIRTs can therefore assess the level of their maturity thanks to the tailored assessment methodology developed by ENISA.

The new version of the maturity framework includes an additional parameter of Public Media Policy and the remaining 44 parameters of the Open CSIRT Foundation “SIM3” standard have been reviewed. SIM3 stands for Security Incident Management Maturity Model and has been in use since 2008 by the different CSIRT communities. ENISA uses this maturity standard as baseline for the framework it developed. The parameters consists of attributes relevant for the organisation, operation or functioning of a CSIRT and are classified into the following categories: organisational, human, tools and processes.

In the EU, national CSIRTs are encouraged to develop their maturity on the basis of the ENISA CSIRT three-tier maturity approach, which is based on SIM3.

The evolution of the framework also follows the necessity to meet the requirements of the Directive on Network and Information Security (NISD) on CSIRT capabilities and takes into account the proposed requirements relevant to CSIRTs foreseen in the revision of the NIS Directive.

Also aimed at entities involved in the planning, building and leading of such capacities, the framework is also suitable for other type of CSIRTs such as from multinational or sectoral organisations, universities, hospitals or government agencies.


The activities of ENISA in support of the CSIRTs Network are provided for by the Cybersecurity Act. ENISA supports the cooperation of the network and provides secretariat services. The network supports members to improve the handling of cross-border incidents and the coordinated response to specific incidents. The CSIRTs Network is a network composed of EU Member States’ appointed CSIRTs and CERT-EU (“CSIRTs Network members”). The European Commission participates in the network as an observer.

The Directive on Security of Network and Information Systems (or NIS Directive) provides legal measures to boost the overall level of cybersecurity in the EU. The revised version proposes more stringent supervision measures and enforcement, including administrative sanctions, such as fines for breach of the cybersecurity risk management and reporting obligations.

Further Information

ENISA CSIRT Maturity Framework Updated & Improved – February 2022

CSIRT maturity: Self-assessment tool

CSIRT Capabilities and Maturity – ENISA topic

CSIRTs Network

CSIRTs by Country – Interactive Map


For questions related to the press and interviews, please contact press(at)

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies