SIM3 Model & References

CSIRT Maturity is an indication of how well a team governs, documents, performs and measures their function. The maturity of a CSIRT is measured with the Security Incident Management Maturity Model, also called SIM3.

For the current reference version of the SIM3 model see: SIM3 model

This version is in use with TF-CSIRT/TI for the (optional) Certification of their members, with ENISA for the sake of the maturity development of the EU national CSIRTs, with the Nippon CSIRT Association (NCA) and with the worldwide GFCE community in the context of the GCMF, the Global CSIRT Maturity Framework, that is based on SIM3.

Developments have started that will lead to SIM3v2, the next version of SIM3. This is expected to be released in the course of 2020. If you want to contribute to this development, please contact us.