diff --git a/test/cnspec/check-certificate.mql.yaml b/test/cnspec/check-certificate.mql.yaml
index cc73e8f1..93be46ba 100644
--- a/test/cnspec/check-certificate.mql.yaml
+++ b/test/cnspec/check-certificate.mql.yaml
@@ -5,23 +5,22 @@
 policies:
   - uid: check-certificate
     name: Check Mondoo's public code signing certificate
-    version: "1.0.0"
+    version: 1.1.0
+    tags:
+      mondoo.com/category: security,certificate
+      mondoo.com/platform: local
     authors:
       - name: Mondoo Inc
         email: hello@mondoo.com
-    tags:
-      mondoo.com/platform: local
-      mondoo.com/category: security,certificate
-    specs:
-      - asset_filter:
-          query: asset.family.contains( _ == 'linux' )
-        scoring_queries:
-          check-certificate-not-expired:
+    groups:
+      - filters: asset.family.contains("unix")
+        checks:
+          - uid: check-certificate-not-expired
+
 queries:
   - uid: check-certificate-not-expired
     title: Ensure the code signing certificate is not expired
     docs:
       desc: |
         Code Signing Certificates are used by Mondoo to digitally sign executables, packages and scripts as a way for end-users to verify that the code they receive has not been altered or compromised by a third party.
-    query: parse.certificates('public-code-signing.cer') { expiresIn.days > 30 }
-
+    mql: parse.certificates('public-code-signing.cer') { expiresIn.days > 30 }
diff --git a/test/cnspec/check-gpg.mql.yaml b/test/cnspec/check-gpg.mql.yaml
index d8d3c400..0ebcfbf8 100644
--- a/test/cnspec/check-gpg.mql.yaml
+++ b/test/cnspec/check-gpg.mql.yaml
@@ -5,27 +5,22 @@
 policies:
   - uid: check-gpg
     name: Check Mondoo's public package signing key
-    version: "1.0.0"
+    version: 1.0.0
+    tags:
+      mondoo.com/category: security,gpg
+      mondoo.com/platform: local
     authors:
       - name: Mondoo Inc
         email: hello@mondoo.com
-    tags:
-      mondoo.com/platform: local
-      mondoo.com/category: security,gpg
-    specs:
-      - asset_filter:
-          query: asset.family.contains( _ == 'linux' )
-        scoring_queries:
-          check-gpg-not-expired:
+    groups:
+      - filters: asset.family.contains("unix")
+        checks:
+          - uid: check-gpg-not-expired
 queries:
   - uid: check-gpg-not-expired
     title: Ensure the package signing gpg key is not expired
     docs:
       desc: |
         GPG keys are used by Mondoo to digitally sign Linux/ UNix packages as a way for end-users to verify that the packages they receive has not been altered or compromised by a third party.
-    query: |
-      parse.openpgp( path: "./public-package-signing.gpg" ).all(
-        identities.all(
-          signatures.all( keyExpiresIn.days > 30 )
-        )
-      )
\ No newline at end of file
+    mql: |-
+      parse.openpgp( path: "./public-package-signing.gpg")[0]{ identities{ signatures{ keyExpiresIn.days > 30  } } }