I just had a security scan done against my cluster running AOS 5.5.6 and the only 'high' risk that came back was with cve-id CVE-1999-0548 (NFS Server Without Shares Detected):
A superfluous NFS server that is not sharing any file systems has been detected.
How to Fix;
Disable the NFS server.
Obliviously, I don't think I want to disable the NFS server service on all of my cvm's - is there any official documentation that I can share with my peers to support this so that I can get an exemption from this risk on these systems?