This objective defines the set of claims needed to manage security assurance based on evidence rather than on trust, and competitively, as it also defines the set of metrics used to measure security and the design of the methodology to be followed to manage security certification metrics. Moreover, this objective targets the design of audit procedures (automatic as far as possible) in ICT systems, considering all ICT components within the supply chain. This objective must take into account the envisioned scenario, which brings together human actions, diversity of development contexts, multi-vendor security appliances and technology maturity levels, as well as the inherent characteristics of IoT ecosystems, mainly referring to Machine-to-Machine (M2M).