I've a number of secure clients who don't report ASUP data to Active IQ. With a normal client I'd easily identify Security Vulnerabilities and Best Practices using Active IQ - it works great! However I can't do this with these secure clients.
Sadly the Security Advisories page doesn't allow filtering by ONTAP version (that would be too easy!). I have considered using Config Advisor since I believe it highlights vulnerabilites but I can't remove the ASUP data from the clients and similarly, I can't easily install it on the client side and then keep it updated regularly.
If the customer does not yet have a Support Account Manager service, please engage with your local NetApp team to obtain one for them. We have a tool called "meerkat" which we can use to do local processing of risks and vulnerabilities for secure environments.