About National cyber security capacity maturity assessment

Nations across the globe are developing with an ever-increasing reliance on information and communication technologies, like the internet. The vitality of cyberspace will depend on each nation’s success in building in building capacity in the face of changing cyber-threats – whether due to trends in the diffusion of technology, technical advances, social and political change, or the evolution of threat-actor ecosystems – has never been more important.

Building cybersecurity capacity is a journey that a country or an organisation makes in developing greater resiliency. A point where they have built systems and policies to prevent, prepare for, and respond to cyber-attacks.

The Cybersecurity Capacity Maturity Model for Nations (CMM) by the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford provides a framework that helps countries to understand what works, what doesn’t work and why – across all areas of cybersecurity and allows to compare cybersecurity capacity across different nations in the world and over time. Its methodology ensures that we collect insights from different actors and groups of stakeholders in order to reflect a broad view of cybersecurity capacity in each nation.

Developed in consultation with over two hundred international experts drawn from governments, international organisations, academia, public and private sectors and civil society, the CMM reviews cybersecurity capacity across five dimensions which together constitute the breadth of national capacity that a country requires to be effective in delivering cybersecurity:

  • Cybersecurity Policy and Strategy;
  • Cybersecurity Culture and Society;
  • Building Cybersecurity Knowledge and Capabilities;
  • Legal and Regulatory Frameworks;
  • Standards and Technologies.

NRD Cyber Security is a strategic partner of the Global Cyber Security Capacity Centre (GCSCC) in deploying the CMM and facilitating the nations in the assessment of the maturity of a country’s cybersecurity capacity.

How do we do it?

  • In-country stakeholder consultations;
  • Desk research;
  • Evidence-based report, which benchmarks the maturity of a country’s cybersecurity capacity, identifies possible exposure to risks and identifies priorities for investment and future capacity building.


  • Drives increased cybersecurity awareness and capacity building and contributes to greater collaboration within government;
  • Helps define roles and responsibilities within governments;
  • Enhances internal credibility of cybersecurity agenda within governments;
  • Involves whole of government/whole of society collaboration by facilitating of direct conversations with cybersecurity stakeholders from academia, civil society, business, critical infrastructures, legislators, government, CSIRT community, defence and criminal justice;
  • Increases funding and guides investment priorities for cybersecurity capacity building
  • Nationally owned process, supported by neutral external evaluation;
  • Is foundational to the country’s strategy and policy development.
  • Assessment of cybersecurity ecosystem in Serbia

    Country Serbia

    Read more
  • Cybersecurity capacity maturity assessment in Georgia

    Country Georgia

    Read more
Ask me <
Ask me for more information
Dr. Tadas Jakštas
Cybersecurity capacity building expert
The cookies are used on this website to improve your browsing experience. Some of the cookies are essential, while others help us to obtain data about how this website is used and to improve your experience. If you agree to the use of all cookies, please click "I agree", otherwise, please click on "Cookie settings" and select which cookies you agree to use. For more information on the use of cookies, please refer to our Cookie Policy.    I agree    Cookie settings