D2.2 Common Certfication Model and Language Definiton
Why this work is in the frame
A frame that forgets how it found something cannot be audited. These are the routes that admitted this work.
Bibliographic record
Abstract
This deliverable presents the finalized specification for the Common Certification Model (CCM) and the Com-mon Certification Language (CCL) developed within the COBALT project, which aims to establish a unifiedcybersecurity certification approach for diverse industrial and technological domains. As part of Task T2.2 un-der Work Package 2, the document builds upon the interim version by refining the CCM and CCL definitions,enhancing their integration into the COBALT framework.The core objective is to create a standardized, interoperable, and scalable cybersecurity certification methodol-ogy that transcends sectoral boundaries, addressing challenges in Industry 4.0 (I4.0), Quantum Computing,Cloud environments, and other emerging ICT infrastructures. To this end, the deliverable consolidates: A review of current certification models and standards such as ISO/IEC 27001, NIST RMF, andEUCS. The COBALT certification strategy, based on dynamic, digital-twin-supported assessment. A shared cybersecurity information schema derived from open standards like OSCAL, BOMs(SBOMs, HBOMs), and MUD profiles. Key developments in this deliverable include: A detailed design of the CCM Manager, covering its architecture, API endpoints, user interfaces, andits role in automating certification workflows. A description of COBALT ontologies, such as the Target of Evaluation (ToE) and Certification De-scriptors, which provide machine-readable, semantically enriched representations of cybersecurity re-quirements and assessment results. Integration pathways for real-time conformity assessment and evidence handling, including dynamicupdates via Digital Twins and decentralized data sharing models. Mapping of CCM Manager API and flows with COBALT enablers like the Security Digital Twin Man-ager, Certificate Manager, and Clouditor, forming an operational toolkit to enforce certification pro-cesses. This deliverable positions CCM and CCL as foundational to achieving cross-sector interoperability, continuouscertification, and trusted automation in cybersecurity compliance processes. It provides the technical and con-ceptual groundwork to support future integration across COBALT’s full stack, offering a sustainable, extensiblemodel for EU-wide cybersecurity certification
Fetched live from OpenAlex and de-inverted. Abstracts are not stored in this database: the inverted indexes are 8.6 GB of the frame’s 9.3 GB of text, and the host has 13 GB free.
Full frame distilled prediction
Teacher imitationNot calibrated prevalence, not ground truth. Human validation pending. Learned from the 10,348 direct Codex labels and 10,348 direct Gemma labels. Candidate is the union of thresholded teacher heads; consensus is their intersection. These outputs are machine_predicted_unvalidated and are not human labels or direct frontier model labels.
Codex and Gemma teacher scores by category
| Category | Codex | Gemma |
|---|---|---|
| Metaresearch | 0.001 | 0.001 |
| Meta-epidemiology (narrow) | 0.000 | 0.000 |
| Meta-epidemiology (broad) | 0.000 | 0.000 |
| Bibliometrics | 0.000 | 0.000 |
| Science and technology studies | 0.001 | 0.000 |
| Scholarly communication | 0.000 | 0.000 |
| Open science | 0.001 | 0.001 |
| Research integrity | 0.000 | 0.000 |
| Insufficient payload (model declined to judge) | 0.006 | 0.001 |
Machine scores (provisional)
The two teacher heads of the student model, read on this work. A score orders the frame for review; it never asserts a category, and the validation status ships verbatim with every row.
Baseline scores from an immature model (maturity gate not passed, 7 training rounds). Scores rank; they never assert a category.
score_only:v0-immature-baseline · verbatim from the scoring run: score_only means the number may rank works, and no category label ships from it