The rapid growth of digital economies has led organizations all around the world to massively depend on new technologies and digital data, which has triggered cybersecurity threats to emerge. Cybersecurity technologies enable organizations to withstand cybersecurity threats; however, the insufficient expertise of the cybersecurity workforce may result in cyber-attacks. Therefore, one suggested dimension to mitigate cyber threats is to elevate personnel competencies through cybersecurity workforce capacity building. Research studies addressed the different dimensions of cybersecurity capacity building such as technology, regulations, policy and strategy, and workforce. However, they appear to have abstract or limited comprehension of the factors of cybersecurity workforce capacity. Hence, there is a need to comprehensively address the essential factors that could assist in effectively evaluating the cybersecurity workforce capacity maturity. The lack of studies addressing the factors of cybersecurity workforce capacity in Oman motivated this study. This research aimed at comprehending the essential factors and evaluating the cybersecurity workforce capacity maturity in Oman. A quantitative approach was employed using a questionnaire adapted from two capacity maturity models to evaluate the workforce capacity maturity. This approach enabled the study to measure the implementation status of the cybersecurity practices related to cybersecurity workforce capacity in three government organizations in Oman. The data were analyzed using statistical analysis to determine the maturity level of the measured attributes. As a result, the study determined, summarized, and refined the essential factors of the cybersecurity workforce capacity and proposed a framework that comprehends the essential factors to effectively evaluate the cybersecurity workforce capacity. The results identified the focused and the overlooked factors of the cybersecurity workforce capacity. In addition, the study revealed a significant difference between the capacity maturities of the cybersecurity workforce in the three organizations. The main theoretical contributions of the study are determining the essential factors of cybersecurity workforce maturity, classifying the factors into four domains, and adding one more maturity indication level. The main practical contribution of the study is assisting organizations to design suitable cybersecurity development programs based on the evaluation results of cybersecurity workforce capacity.