A Digitalized Quality-Management Framework and Automation-Ready Compliance Architecture for Cybersecurity Testing Laboratories: An ISO/IEC 17025:2017 Crosswalk and Exploratory Case Study

Cybersecurity testing laboratories must produce auditable conformity evidence while operating with rapidly changing toolchains, conditional requirements, and qualitative PASS/FAIL/INCONCLUSIVE outcomes. ISO/IEC 17025:2017 is widely used to demonstrate laboratory competence, yet its operationalisation in cybersecurity testing remains under-specified for software- and tool-driven security assessments. This paper separates an architectural contribution from an empirical contribution. The architectural contribution is a digitalized quality-management framework and automation-ready compliance architecture that translate ISO/IEC 17025 clauses into cybersecurity-specific artefacts, decision rules, controlled toolchains, evidence bundles, and review workflows. The empirical contribution is an exploratory single-laboratory case study based on unpublished, anonymised, and confidentiality-constrained laboratory artefacts: an ETSI TS 103 701 workbook with 68 provision-level test groups, including 41 claimed/applicable rows for ambiguity analysis; an IEC 62443 corrective-action plan; and ISO/IEC 17025 governance records. Within this case, structured decision rules and evidence traceability reduced the Conformity Statement Ambiguity Index from 0.976 to 0.049 and converted 37 previously INCONCLUSIVE provisions into PASS determinations. These results are reported as descriptive within-case evidence only; they do not establish predictive validity or cross-laboratory generalisability. The study contributes a clause-to-artefact crosswalk, a concrete evidence-traceability architecture, and candidate cyber-maintenance indicators for future multi-laboratory validation.