๐Ÿ‡ฎ๐Ÿ‡ณ India's Open Cybersecurity Maturity Framework

Measure. Improve.
Trust-IN.

NIRMATA helps Indian organisations understand where they stand on cybersecurity and data protection โ€” and exactly what to do next. Free, practical, and built for Indian realities.

Start Free Self-Assessment โ†’ Browse Guides
191
Assessment questions
12
Security pillars
5
Maturity levels
Free
Open framework
CC BY-SA 4.0
The Framework
What is NIRMATA?

NIRMATA (National Information Risk Maturity and Trust Assessment) is an open cybersecurity maturity framework built for Indian organisations. It gives you a structured way to measure where you are, understand where you need to go, and prove it to customers, regulators, and partners.

Unlike generic frameworks that require expensive consultants to interpret, NIRMATA is designed to be used directly by your team โ€” whether you're an IT manager at an MSME or a CISO at a large enterprise.

TRUST-IN Bharat is the public programme that maintains NIRMATA and the platform where you take the assessment. The framework is licensed Creative Commons CC BY-SA 4.0 โ€” free forever.

Read the Framework โ†’
๐Ÿ›๏ธ
Governance & Leadership
10% weight
โš–๏ธ
Risk & Compliance
20% weight
๐Ÿ’ป
Application Security
6% weight
๐Ÿ—„๏ธ
Asset & Data Management
8% weight
๐Ÿ”
Identity & Access
8% weight
๐ŸŒ
Infrastructure Security
12% weight
๐Ÿ”—
Supply-Chain Security
8% weight
๐Ÿšจ
Incident Readiness
4% weight
๐Ÿ”„
Business Continuity
4% weight
๐Ÿ”’
Privacy & Data Protection
6% weight
๐ŸŽ“
Culture & Training
8% weight
๐Ÿ“ก
Monitoring & Detection
6% weight
Maturity Model
Five levels. One honest score.
Your overall maturity level (OML) is a weighted score across all 12 pillars. Each pillar is scored 0โ€“5. No guesswork โ€” the formula is published and open.
0
Absent
No controls. Risk unmanaged.
1
Initial
Ad hoc. Reactive only.
2
Developing
Some policies. Inconsistent.
3
Defined
Documented. Consistently applied.
4
Managed
Monitored. KPIs tracked.
5
Optimised
Continuously improving.
How It Works
From zero to maturity score in one session
1

Register free

Create an account. No credit card. No sales call. Your data stays yours.

2

Answer 191 questions

Rate your organisation at each question from 0โ€“5. Use the guides if you're unsure what any question means.

3

Get your score

Instant OML score and CMI% across all 12 pillars. See exactly where you're strong and where to focus.

4

Improve and certify

Follow the guide for each gap. Reassess. Build toward certification and third-party verification.

Why TRUST-IN Bharat
Built for Indian organisations
๐Ÿ‡ฎ๐Ÿ‡ณ

India-first context

Every guide is written for Indian business realities โ€” DPDP Act compliance, CERT-In directions, Indian regulatory context, and tools that work on Indian budgets.

๐Ÿ†“

Genuinely free

The framework is CC BY-SA 4.0. The self-assessment platform is free. No freemium tricks. Elytra Security offers paid verification services separately.

๐Ÿ“‹

Practical guides

191 question-by-question guides that explain what auditors look for, what evidence you need, and what steps to take โ€” not abstract policy language.

๐Ÿ”ข

Transparent scoring

The NIRMATA scoring formula is published. OML = 5ร—(ฮฃWp/100). No black boxes. You can verify your score independently.

๐Ÿข

Right-sized for MSMEs

Designed for organisations that don't have a dedicated security team. Lean controls, free tooling, and prioritised by business impact.

๐Ÿค

Open governance

Maintained by Elytra Security in partnership with NCSRC. Framework changes are versioned, published, and open for community review on GitHub.

Aligned to Indian and international standards

DPDP Act 2023
CERT-In Directions 2022
IT Act 2000
ISO 27001:2022
ISO 27701:2019
NIST CSF 2.0
ISO 42001:2023

Ready to know where you stand?

Take the NIRMATA self-assessment free. Get your score across all 12 pillars in one session.

Start Free Assessment โ†’ Browse Guides First