I work in the network security space for a company that does testing against criteria. In fact I am responsible for the authouring of most of that criteria.
What HBMTN said is accurate. While the folks at NIST and the NSA/NIAP like what we are doing and privately say they wish they could mandate the use of our testing and certification services they cannot. They can only mandate a gov't run and controlled service with public criteria that any lab can test against.
The only thing we can do is either become a gov't accredited lab or work to make our testing and certification req'ts the defacto industry standard. That is what UL and NSF have done and have done well.
Weber Performer w/smokenator
When all else fails just ask yourself, WWGALD???