Would like to understand how IoT or Consumer software companies do their cyber security assessment and certficationhttps://www.nist.gov/system/files/documents/2021/11/01/Draft%20Consumer%20Software%20Labeling.pdf

I am interested in understanding how companies that make IoT devices or consumer software, assess their products against cybersecurity and get certified (certifications like CTIA https://ctiacertification.org/program/iot-cybersecurity-certification/)

NIST (https://www.nist.gov/) is recommending that these products have labeling that shows the consumers how secure the product is. I am trying to understand the process (how the SW/HW is shared with the assessing company , turn around time etc) of assessment and certification. I also would like to know, if the assessment is not done, why not?

If you or anyone you know is willing to spend about 30 mins with me, please let me know. Greatly appreciate your time.