Looking for assistance on IoT risk assessment / threat assessment
I'm looking at a requirement to provide documentation of risk assessment for an IoT product. In order of preference, this would be 1) risk assessment based on NIST SP 800-30r1; 2) risk assessment based on other formats/structures; 3) a threat assessment only.
This hunt-for-examples is based on a discussion of the amount of work required to document a proper risk assessment / threat assessment, and also en route to helping new folks appreciate what would be in it.
I'm not looking to avoid RA/TA; it's required. The security architect is a hypothetical person on a hypothetical IoT project. He/she should have done the work. We're trying to understand the documentation side of it.
Any examples/links? Or at least "we did this for our IoT product, followed this format, and it was NN pages" kind of info? Thanks in advance to my IoT peeps.