What were the basis for the security config guide, did you follow some directives, guidance ?
Thanks for the time
The guide has been around for around a decade and Pre-dates directives such as PCI. In fact, most PCI, HIPAA & DISA type directives use this guide as the basis for their requirements. This guide would be considered "vendor best practices" or something similar.