
No, you can't. That isn't how security works. Your offensive adversary follows no rules. They exist to break any rules you can think of. You can make all the rules you want and you can test people on their knowledge of them. Hackers do not care.

On the defense side, they simply do not work. Everybody gets hacked. The best companies with the biggest security budgets employing people at the cutting edge of security research still get hacked. Security experts get hacked. If the best in the industry still haven't solved this problem, you can't even begin to make the framework that you're proposing.

The discipline cannot be described as experts dealing with interacting complex systems of rules.




Illness doesn't follow rules the doctor dictates. Rainfall and earthquakes aren't set by the engineering boards. How people adjust, prepare, and respond are where the rules humans can set work. Everything else is unchangeable rules.

In computers, as in some parts of law, we have ample opportunity to address underlying rules as well as the rules around how we adjust, prepare, and react.


People still die. People still lose lawsuits. I-85 still partially collapsed. Yet people can be certified as knowing and following best practices in those fields.



