Requirements in cyber security for organizations from critical infrastructures or specific domains are not a novelty. Industrialized and developed countries enforce strict cyber security controls for institutions from financial, healthcare, or defense domains. Theoretical or practical models that support the evaluation process for cyber security stance, as well as compliance with national or organizational controls, are becoming more common. The use of models can be driven by a number of factors, ranging from national regulations, economic benefits, up to the efficiency and standardizations aspects. From a practical standpoint it is much more efficient to use a publicly validated model developed rather that develop individually a new model. In this paper we review current models that are used for evaluating cybersecurity controls in organizations that are part of the critical infrastructure domain. Via a comparative analysis we identify the peculiarity of publicly available models. We compare the results against a model that we have proposed for assessing cybersecurity maturity in critical infrastructures. We highlight the differences and common factors between these models, as well as identify current trends in the development of such models.