The present invention relates to a The Open Group Architecture Framework (TOGAF)-based enterprise security architecture model and a compliance verification method thereof. The model comprises a security capability view creation unit, a security concept view creation unit, a security logical view creation unit, and a security physical view creation unit. The security capability view creation unit provides the global guidance and framework for the information security operation of an enterprise in the strategic perspective of the security architecture. The security concept view creation unit provides the security management guidance for the information security operation of the enterprise in the management perspective of the security architecture. The security logical view creation unit provides the design guidance for the information security management operation of the enterprise in the design perspective of the security architecture. The security physical view creation unit provides the implementation guidance for the information security management operation of the enterprise in the implementation perspective of the security architecture. The enterprise security architecture model is a novel architecture model, wherein a service architecture model, a data architecture model, an application architecture model and a technology architecture model are parallel in the TOGAF.