The rapid expansion of the Internet of Things (IoT) has introduced a diverse set of devices operating in constrained environments, raising critical security concerns in domains such as smart homes, industrial automation, and healthcare. Many IoT ecosystems use lightweight wireless protocols for low-power, short-range communication. While these protocols embed security mechanisms, their alignment with formal cybersecurity assurance frameworks remains insufficiently studied. Drawing primarily on recent peer-reviewed journals and reputable conference proceedings, we evaluate Thread, Zigbee and Z-Wave against the Common Criteria (CC) Functional Requirements for Cryptography (FCS), as defined in CC:2022 and the European Union Cybersecurity Certification Scheme (EUCC). The assessment focuses on key CC components, including cryptographic key generation (FCS_CKM.1), distribution (FCS_CKM.2), agreement (FCS_CKM_EXT.7), operations (FCS_COP.1), and random bit generation (FCS_RBG.1). Our findings show that Thread demonstrates the strongest alignment with CC requirements, leveraging AES-CCM authenticated encryption and ECDH-based key exchange within a flexible, decentralized trust model. Zigbee provides comparable cryptographic strength but its reliance on a centralized Trust Center complicates compliance with key management lifecycle controls. Z-Wave has improved with the S2 Security framework, adopting ECDH exchanges, but still faces challenges due to proprietary constraints and limited transparency. This comparative analysis highlights that while all three protocols provide baseline security, only Thread is aligned with CC and EUCC certification schemes. Achieving compliance for Zigbee and Z-Wave will require protocol hardening and stricter cryptographic key lifecycle management. Aligning IoT protocols with CC is essential for building trust and resilience in critical connected systems.
Evaluating Thread, Zigbee and Z-Wave Against Common Criteria Cryptographic Requirements
Published: 03 December 2025 by MDPI in The 6th International Electronic Conference on Applied Sciences, session Electrical, Electronics and Communications Engineering
Keywords: IoT Security; Thread Protocol; Zigbee; Z-Wave; Common Criteria (CC); Cryptography; Wireless Protocols; European Union Cybersecurity Certification Scheme (EUCC)
