STTF™
Certification Framework Technical Specification
1. Purpose
The STTF™ Certification Framework defines how devices, gateways, platforms and audit systems can be evaluated for conformance with the Sustainability Telemetry Trust Framework™.
The framework verifies whether an implementation can produce, preserve, transmit and validate sustainability telemetry in a way that is:
- Semantically standardized
- Cryptographically attributable
- Evidence-linked
- Audit-ready
- Suitable for sustainability reporting workflows
- Compatible with downstream ESG, CSRD, ESRS and carbon accounting systems
STTF™ Certification does not certify the environmental performance of an organization.
It certifies the trustworthiness, traceability and interoperability of sustainability telemetry infrastructure.
2. Certification Categories
2.1. STTF Device Certified™
Applies to:
- Energy meters
- Water meters
- CO₂ sensors
- Temperature sensors
- Humidity sensors
- HVAC controllers
- Industrial sensors
- Matter-enabled devices
- OPC-UA / BACnet / Modbus-compatible devices
Purpose:
Verify that a device can expose sustainability-relevant measurements with sufficient identity, metadata and signal compatibility.
2.2. STTF Gateway Certified™
Applies to:
- Edge gateways
- Z-Edge implementations
- Industrial telemetry concentrators
- Matter hubs
- Building automation gateways
- Protocol translation devices
Purpose:
Verify that a gateway can receive raw telemetry, enrich it, map it to sustainability signals, generate evidence and transmit trusted telemetry envelopes.
2.3. STTF Platform Certified™
Applies to:
- ESG software platforms
- Cloud telemetry platforms
- Carbon accounting systems
- Sustainability reporting platforms
- Data lakes and integration platforms
Purpose:
Verify that platforms can ingest, validate, preserve and expose STTF-compliant telemetry and evidence records.
2.4. STTF Audit Certified™
Applies to:
- Assurance portals
- Evidence repositories
- Auditor tools
- Verification systems
- Regulatory evidence platforms
Purpose:
Verify that audit systems can reconstruct telemetry lineage, inspect trust metadata, validate evidence and export audit-ready records.
3. Certification Levels
3.1. STTF Compatible™
Minimum interoperability level.
An implementation can produce or consume valid STTF envelopes.
Required Capabilities
- Supports STTF Telemetry Envelope
- Supports mandatory signal metadata
- Supports organization / site / asset references
- Supports timestamped measurement records
- Supports schema versioning
- Supports basic validation status
3.2. STTF Verified™
Trusted source level.
An implementation verifies identity, origin and timing.
Additional Required Capabilities
- Device or source identity verification
- Cryptographic signature support
- Time synchronization validation
- Transport security
- Evidence ID creation
- Basic audit events
3.3. STTF Trusted™
Enterprise-grade telemetry level.
An implementation supports trust scoring, evidence generation and traceability.
Additional Required Capabilities
- Trust score calculation or trust score preservation
- Signal mapping version control
- Calibration metadata
- Data quality flags
- Evidence hash generation
- Audit trail reconstruction
- Local buffering and replay protection where applicable
3.4. STTF Assurance™
Regulatory-grade sustainability telemetry level.
An implementation supports independent assurance workflows.
Additional Required Capabilities
- Full chain-of-custody export
- Independent verification support
- Evidence package generation
- Tamper-evident audit trail
- Retention policy support
- Auditor access model
- Conformance report generation
4. Core Data Objects
STTF certification is based on the following primary data objects:
TelemetryEnvelopeSourceIdentitySignalMetadataTrustProfileEvidenceRecordAuditTrailRecordCertificationClaimConformanceReport
5. Telemetry Envelope
The TelemetryEnvelope is the primary transmission object.
<Snippet file="telemetry-envelope.json" showLineNumbers />
6. Required Fields by Certification Level
| Field Group | Compatible | Verified | Trusted | Assurance |
|---|---|---|---|---|
| sttf_version | Required | Required | Required | Required |
| envelope_id | Required | Required | Required | Required |
| created_at | Required | Required | Required | Required |
| source.source_id | Required | Required | Required | Required |
| source.protocol | Required | Required | Required | Required |
| source.attestation_status | Optional | Required | Required | Required |
| organization.eco_number | Required | Required | Required | Required |
| organization.facility_id | Required | Required | Required | Required |
| organization.asset_id | Optional | Required | Required | Required |
| signal.signal_id | Required | Required | Required | Required |
| signal.value | Required | Required | Required | Required |
| signal.unit | Required | Required | Required | Required |
| quality.quality_flags | Optional | Optional | Required | Required |
| quality.calibration_status | Optional | Optional | Required | Required |
| trust.trust_score | Optional | Optional | Required | Required |
| evidence.evidence_id | Optional | Required | Required | Required |
| evidence.evidence_hash | Optional | Optional | Required | Required |
| audit.audit_chain_id | Optional | Optional | Required | Required |
Below is a production-ready MDX technical specification draft for the STTF™ Certification Framework.
7. Source Identity Object
{
"source_id": "dev_matter_8fa2f5e8",
"source_type": "device",
"manufacturer": "Example Manufacturer",
"model": "Smart Energy Meter X1",
"serial_number_hash": "sha256:9a7d...",
"protocol": "matter",
"protocol_version": "1.3",
"attestation": {
"attestation_status": "verified",
"attestation_method": "matter-dac-pai-chain",
"attestation_verified_at": "2026-06-09T10:12:00Z",
"certificate_fingerprint": "sha256:df83a..."
}
}
Accepted attestation_status Values
[
"not_applicable",
"not_verified",
"pending",
"verified",
"failed",
"revoked",
"expired"
]
8. Signal Metadata Object
{
"signal_id": "energy.electricity.imported",
"signal_name": "Imported Electricity",
"signal_domain": "energy",
"signal_class": "electricity",
"value": 125.43,
"unit": "kWh",
"measurement_type": "cumulative",
"sampling_period_seconds": 300,
"source_mapping": {
"mapping_standard": "USO",
"mapping_version": "uso-0.1",
"source_path": "matter.cluster.0x0406.attribute.imported_energy"
}
}
Required Signal Principles
All certified implementations must:
- Use stable signal identifiers
- Preserve source mapping information
- Declare unit of measure
- Declare measurement type
- Avoid embedding final carbon accounting results at device level
9. Carbon Accounting Boundary
STTF telemetry may carry carbon-accounting context, but must not claim final emissions unless certified as a calculation platform.
Permitted at Device / Gateway Level
{
"carbon_context": {
"carbon_accounting_ready": true,
"calculation_required": true,
"energy_type": "electricity",
"scope_candidate": "scope_2",
"facility_country": "NO",
"grid_region": "NO1"
}
}
Not Permitted at Device Level
{
"estimated_co2e": 2.1
}
Final emissions calculations must be performed by certified calculation systems or platforms.
10. Trust Profile Object
{
"trust_score": 96,
"trust_level": "A",
"trust_method": "sttf-trust-model-v0.1",
"trust_factors": {
"source_identity": 25,
"time_integrity": 10,
"calibration_status": 15,
"signal_quality": 15,
"transport_security": 10,
"historical_consistency": 25
},
"trust_exceptions": []
}
Trust Levels
| Score | Trust Level | Meaning |
|---|---|---|
| 95–100 | A+ | Highest trust |
| 85–94 | A | High trust |
| 70–84 | B | Acceptable trust |
| 50–69 | C | Limited trust |
| 0–49 | D | Low trust |
| N/A | U | Unknown / unscored |
11. Evidence Record
{
"evidence_id": "ev_01HX7M49VMW9R6KMG3ZP9E7YQC",
"evidence_type": "measurement_evidence",
"created_at": "2026-06-09T10:15:32Z",
"subject_envelope_id": "env_01HX7M3Z8F6KQ9A2P1D7C4R0TV",
"hash_algorithm": "sha256",
"evidence_hash": "sha256:6f8c9b7f4e1a3d...",
"signature": {
"signature_algorithm": "ed25519",
"signature_value": "base64:MEUCIQD...",
"signing_key_id": "key_zedge_001"
},
"storage": {
"evidence_uri": "s3://example-bucket/evidence/ev_01HX7M49.json",
"retention_policy": "7_years"
}
}
12. Audit Trail Record
{
"audit_record_id": "atr_01HX7M5B2R9K7X3ZQW4K8V1N0A",
"audit_chain_id": "audit_01HX7M4KQ2VZ0S2G8X9K4A7YQF",
"timestamp": "2026-06-09T10:15:32Z",
"actor_type": "gateway",
"actor_id": "zedge_oslo_001",
"action": "signal_mapped",
"input": {
"source_path": "matter.cluster.0x0406.attribute.imported_energy"
},
"output": {
"signal_id": "energy.electricity.imported",
"unit": "kWh"
},
"rule": {
"rule_id": "map_matter_energy_imported_v1",
"rule_version": "1.0"
},
"previous_hash": "sha256:91ac...",
"record_hash": "sha256:b88e..."
}
Required Audit Events
For STTF Trusted™ and above:
- source_registered
- attestation_verified
- signal_received
- signal_mapped
- quality_checked
- trust_scored
- evidence_generated
- telemetry_published
- telemetry_replayed, where applicable
- configuration_changed, where applicable
13. Certification Claim
A vendor submits a CertificationClaim when applying for certification.
{
"claim_id": "claim_01HX7M6Z3P4T2X8A9V0M1C5N7B",
"applicant": {
"organization_name": "Example Gateway Ltd",
"organization_id": "org_example_gateway",
"contact_email": "certification@example.com"
},
"product": {
"product_name": "Example Sustainability Gateway",
"product_type": "gateway",
"version": "1.2.0",
"deployment_model": "edge_gateway"
},
"certification_target": {
"category": "gateway",
"requested_level": "STTF Trusted"
},
"supported_capabilities": [
"telemetry_envelope",
"source_identity",
"signal_mapping",
"trust_scoring",
"evidence_generation",
"audit_trail"
],
"submitted_artifacts": [
"sample_telemetry_envelopes",
"evidence_records",
"audit_trail_export",
"architecture_document",
"security_document"
]
}
14. Conformance Report
{
"report_id": "conf_01HX7M7R8Q1X5F2D9A0Z3B6C4E",
"claim_id": "claim_01HX7M6Z3P4T2X8A9V0M1C5N7B",
"tested_at": "2026-06-09T12:00:00Z",
"tested_by": "Viroway Standards Initiative",
"result": "pass",
"certification_awarded": {
"category": "gateway",
"level": "STTF Trusted",
"valid_from": "2026-06-09",
"valid_until": "2027-06-09",
"certificate_id": "sttf-gw-trusted-2026-000001"
},
"test_summary": {
"total_tests": 128,
"passed": 126,
"failed": 0,
"warnings": 2
},
"findings": [
{
"severity": "warning",
"code": "CLOCK_DRIFT_MARGIN",
"message": "Clock drift remained within limits but approached warning threshold."
}
]
}
15. Automated Verification System
The STTF Automated Verification System validates certification claims using machine-readable test suites.
15.1. Verification Stages
Submission
↓
Schema Validation
↓
Semantic Validation
↓
Security Validation
↓
Evidence Validation
↓
Audit Reconstruction
↓
Certification Decision
15.2. Test Categories
| Test Category | Purpose |
|---|---|
| Schema Tests | Validate required JSON structure |
| Signal Tests | Validate USO / SSSR signal compatibility |
| Identity Tests | Validate source identity and attestation metadata |
| Trust Tests | Validate trust score and trust factor logic |
| Evidence Tests | Validate evidence hash and signature |
| Audit Tests | Reconstruct chain-of-custody |
| Resilience Tests | Verify replay handling and buffering |
| Security Tests | Validate encryption, signatures and key metadata |
16. Example Automated Test Definition
{
"test_id": "STTF-GW-TRUSTED-001",
"name": "Gateway emits valid telemetry envelope",
"category": "schema",
"required_for": ["STTF Compatible", "STTF Verified", "STTF Trusted", "STTF Assurance"],
"input": "sample_telemetry_envelope.json",
"assertions": [
{
"path": "$.sttf_version",
"operator": "exists"
},
{
"path": "$.signal.signal_id",
"operator": "matches_registry",
"registry": "SSSR"
},
{
"path": "$.signal.unit",
"operator": "exists"
}
],
"failure_severity": "critical"
}
17. Certification Decision Rules
17.1. Pass
Certification awarded when:
- All critical tests pass
- No unresolved high-severity failures remain
- Required artifacts are complete
- Evidence chain can be reconstructed
17.2. Conditional Pass
May be issued when:
- No critical failures exist
- Minor warnings remain
- Remediation plan is accepted
17.3. Fail
Issued when:
- Critical schema failures occur
- Evidence cannot be verified
- Audit chain cannot be reconstructed
- Identity or signature validation fails
- Required security controls are missing
18. Certification Validity
| Level | Validity |
|---|---|
| STTF Compatible™ | 24 months |
| STTF Verified™ | 18 months |
| STTF Trusted™ | 12 months |
| STTF Assurance™ | 12 months |
Recertification is required after:
- Major software update
- Firmware trust model change
- Cryptographic subsystem change
- Signal mapping model change
- Evidence generation change
- Ownership or product identity change
19. Academy Integration
Certification candidates may complete training through:
academy.ecoworld.ai
Recommended Courses
For Developers
- STTF Fundamentals
- Sustainability Telemetry Envelope Design
- Signal Semantics and USO Mapping
- Evidence Generation and Audit Trails
For Gateway Vendors
- Z-Edge Reference Implementation
- Device Attestation and Edge Trust
- Gateway Certification Preparation
For ESG Platforms
- STTF Platform Integration
- Regulatory Telemetry Mapping
- Carbon Accounting Data Boundaries
For Auditors
- Evidence Review
- Chain-of-Custody Reconstruction
- Trust Score Interpretation
- Assurance-Ready Telemetry
20. Reference Implementation: Z-Edge™
Z-Edge™ is the reference implementation of STTF for gateway environments.
Z-Edge demonstrates:
- Multi-protocol telemetry ingestion
- Signal semantic mapping
- Trust scoring
- Evidence generation
- Audit trail creation
- Secure cloud publication
- STTF certification readiness
Z-Edge is not required for STTF certification.
Any implementation may be certified if it conforms to the STTF specification.
21. Minimum Submission Package
Applicants must submit:
{
"required_submission_package": {
"architecture_document": true,
"security_document": true,
"sample_telemetry_envelopes": true,
"sample_evidence_records": true,
"sample_audit_trail": true,
"source_identity_records": true,
"signal_mapping_table": true,
"version_manifest": true,
"known_limitations": true
}
}
22. Version Manifest
{
"product_name": "Example Sustainability Gateway",
"product_version": "1.2.0",
"sttf_version_supported": "0.1",
"schema_versions": {
"telemetry_envelope": "0.1",
"evidence_record": "0.1",
"audit_trail_record": "0.1",
"trust_profile": "0.1"
},
"supported_protocols": [
"matter",
"mqtt",
"opcua",
"bacnet",
"modbus"
],
"supported_certification_levels": [
"STTF Compatible",
"STTF Verified",
"STTF Trusted"
]
}
23. Initial Certification Roadmap
Phase 1: Internal Draft
- Define schemas
- Define test suites
- Validate against Z-Edge prototype
- Align with USO / SSSR
Phase 2: Private Pilot
- Test with selected gateway/device/platform partners
- Validate automated verification
- Produce first internal conformance reports
Phase 3: Public Candidate
- Publish STTF specification
- Publish certification criteria
- Launch public documentation
- Open partner intake
Phase 4: Formal Certification
- Issue first STTF Certified™ badges
- Launch certified product directory
- Launch training and assessor pathways
24. Certification Badge Metadata
Each certified product must expose badge metadata.
{
"certification_badge": {
"badge_name": "STTF Gateway Certified™",
"level": "STTF Trusted",
"certificate_id": "sttf-gw-trusted-2026-000001",
"issued_to": "Example Gateway Ltd",
"product_name": "Example Sustainability Gateway",
"product_version": "1.2.0",
"valid_from": "2026-06-09",
"valid_until": "2027-06-09",
"verification_url": "https://standards.viroway.org/certificates/sttf-gw-trusted-2026-000001"
}
}
25. Core Rule
STTF certification validates the integrity of sustainability telemetry infrastructure.
It does not replace:
- Legal assurance
- Financial audit
- CSRD assurance
- Carbon accounting methodology review
- Regulatory reporting responsibility
STTF provides the technical evidence layer that makes those processes more trustworthy, automated and scalable.
© Viroway Standards Initiative 2026
STTF™ and related certification marks are trademarks of Viroway Ltd.
The following are the base technical standard behind standards.viroway.org.
JSON Schema Artifacts (stored in AWS S3):
- audit-trail-record.schema.json
- certification-badge.schema.json
- certification-claim.schema.json
- common-definitions.schema.json
- conformance-report.schema.json
- evidence-record.schema.json
- signal-metadata.schema.json
- source-identity.schema.json
- telemetry-envelope.schema.json
- trust-profile.schema.json
- version-manifest.schema.json