SIM3 Model & References

CSIRT maturity is an indication of how well a team governs, documents, performs and measures its function. The maturity of a CSIRT is measured with the Security Incident Management Maturity Model, also called SIM3.

For the current reference version 1 (v1) of the SIM3 model see: SIM3 v1 model

Version 1 is in use with TF-CSIRT/TI for the (optional) Certification of their members, with ENISA for the maturity development of the EU national CSIRTs, with the Nippon CSIRT Association (NCA), and with the worldwide GFCE community in the context of the GCMF, the Global CSIRT Maturity Framework, which is based on SIM3.

Development towards version 2 has started and has already led to SIM3 v2 interim, which will be published here in December 2022. While SIM3 v2 interim is “just” a (significant) update and improvement on the v1 version, the full version 2, expected in the course of 2023, will optimise SIM3 not just for a CERT/CSIRT/NCSC/nCSIRT/govCERT/etcetera, but also for related cyber security incident management teams that are bigger variations on the CSIRT theme, like ISACs, SOCs and PSIRTs.