I don't think IETF guidance alone will suffice. It may require legislative mandate.
In the U.S., Senator Edward Markey and Representative Ted Lieu have introduced legislation called the Cybershield Act. The intention is to create a product labelling system for IoT devices, in hopes consumers are made more aware of these issues and hopefully buy products that are certified. https://www.markey.senate.gov/imo/media/doc/CyberShield%20bill.pdf “The Cyber Shield Act will establish an advisory committee of cybersecurity experts from academia, industry, consumer advocates, and the public to create cybersecurity benchmarks for IoT devices, such as baby monitors, cameras, cellphones, laptops, and tablets. IoT manufacturers can voluntarily certify that their product meets those cybersecurity and data security benchmarks, and display this certification to the public.” https://www.markey.senate.gov/news/press-releases/senator-markey-and-rep-lie...