SIM3 Model & References

CSIRT Maturity is an indication of how well a team governs, documents, performs and measures their function. The maturity of a CSIRT is measured with the Security Incident Management Maturity Model, also called SIM3.

For the current reference version SIM3 v2 interim, see: SIM3 v2 interim standard

Developments towards this new version started in 2022 and resulted in v2 interim on 1 January 2023. While SIM3 v2 interim is a significant update and improvement on the v1 version, including a new parameter O-6, the full version 2 – expected in the course of 2024 – will optimise SIM3 not just for a CSIRT (or CERT/NCSC/nCSIRT/govCERT/CDC/etcetera), but also for the akin cyber security incident management teams ISACs, SOCs and PSIRTs. This main typology-of-four was agreed on in cooperation with FIRST in 2023.

Key players in this area, apart from OCF, like FIRST, ENISA and the EU CSIRTs Network, the Nippon CSIRT Association (NCA), the worldwide GFCE community and many others have now all embraced SIM3 v2 interim or are in the process leading to that.

For the old reference SIM3 (now called v1) see: SIM3 v1 old standard