Three tiers. Each one checkable.
Certification tiers are anchored to the Cognitive Security Framework's assurance levels (CAL-1 through CAL-7). Each tier names what it requires and what an assessor checks — nothing is awarded on narrative. The definitions below are deliberately conservative: a tier means exactly what its checks demonstrate, no more.
The tiers
Summit Verified
Evidence exists, carries provenance, and has been independently verified.
- Evidence captured with provenance per the Decision Receipt Specification
- Integrity hashes on every evidence artifact
- Independent verification of evidence — not self-attestation by the producing agent
Summit Replayable
Everything in Verified, plus demonstrated deterministic reproduction.
- All Summit Verified requirements
- Deterministic reproduction of decisions from recorded inputs
- Evidence IDs free of wall-clock data, hostnames, and other nondeterministic inputs
Summit Admissible
Everything in Replayable, plus enforced governance and benchmark compliance.
- All Summit Replayable requirements
- Active policy enforcement with human gates for high-risk decisions
- Full Decision Receipt compliance, VGDS ≥ 0.92, certification audit passed
The tiers are cumulative: Replayable presumes Verified; Admissible presumes both. An organization certifies a specific decision pipeline, not the organization at large.
What an assessor checks
Assessment follows the framework's published criteria and weights — evidence quality and reproducibility carry the most weight, and the checks are mechanical wherever possible.
| Category | Weight | The assessor verifies |
|---|---|---|
| Evidence quality | 20% | Provenance completeness; artifact hash integrity |
| Reproducibility | 20% | Replay success rate; determinism of evidence IDs |
| Policy compliance | 15% | Violation rate; effectiveness of enforcement gates |
| Memory safety | 15% | Poisoning resistance; lineage coverage |
| Secret safety | 15% | Non-disclosure rate; Rule of Two compliance |
| Governance | 10% | Human gate precision; audit completeness |
| Documentation | 5% | Architecture, ops, and security coverage |
Because the underlying specifications are open, any third party can pre-assess against the same criteria before engaging Summit. A certification that could only be checked by its issuer would not be worth the paper.
Certify a pipeline, not a press release.
Start by locating your current state against the framework's maturity model — then certify the tier your evidence actually supports.