Generally speaking, you can apply ESXi hardening from VMware, and for NetApp HCI there are 2 components:
a) Management Node (mNode and HCC that runs on it) - VM (which should be exposed to only vCenter).
b) NetApp HCI Storage (Management Interfaces) - Management IP of every storrage node, and one Management Virtual IP. These need to be exposed to vCenter (for management purposes) and possibly other hosts that live on Management Network (e.g. backup management system, if it needs to use SolidFire snapshots, for which it needs to talk to Management Virtual IP of storage).
Assuming mNode, HCC and vCenter can connect to ADS/LDAP, you could use AD/LDAP based account aliases or group aliases, to eliminate the use of local NetApp HCI cluster admin account, and manage password expiration and complexity via AD/LDAP. There's also MFA if you want/need that. You can also use KMIP to entrust encryption keys to external Key Manager (by default NetApp HCI cluster manages encryption keys used to encrypt SED disks).
I would definitively recommend to generate and upload own CA-generated TLS certificates to MVIP and mNode.
If you want to harden iSCSI (Storage Network) security, you can introduce more complex access (CHAP + VLAN + Access Groups), but that may require reconfiguration of your existing networks (which may be impossible without downtime, but this depends on your details and number of compute nodes - if you have just 2-3 and want to introduce new VLANs, you may need to schedule downtime to make significant changes to vSphere networking).