In the last months, while looking for similar experiences to take into account when defining a Core Criterion-core Evidence ontology, I found that the Common Criteria for Information Technology Security Evaluation (abbreviated as Common Criteria or CC) has many analogies with our Use Case.
It is an international standard (ISO/IEC 15408) for computer security certification, defining a framework in which:
1) computer system users can specify their security functional and assurance requirements (SFRs and SARs respectively) through the use of Protection Profiles (PPs);
2) vendors can then implement and/or make claims about the security attributes of their products;
3) testing laboratories can evaluate the products to determine if they actually meet the claims.
The Common Criteria framework defines guidelines for conducting the specification, implementation and evaluation of a computer security product in a rigorous, standard and repeatable manner.
Common Criteria is used as the basis for a government-driven certification scheme, and evaluations are typically conducted for the use of Federal Government agencies and critical infrastructure.