CMMC Practice SC.5.208
Employ organizationally defined and tailored boundary protections in addition to commercially available solutions.
Bold Coast Security Guidance
Going beyond the standard configurations and default settings is a critical aspect of a highly mature program. For Level 5 compliance, an organization must devote time to information gathering, analysis, and the creation of action items that convert knowledge of its environment into another layer of protections that a hacker doesn't expect to find. These controls serve as a powerful deterrent to "work effort" by a cyber criminal. The more novel and unexpected the control, the more it will encourage the bad guys to look elsewhere.
Advanced adversaries study and analyze standard commercial security solutions and standard configurations of those systems. They develop and test attack techniques that will not be mitigated by those solutions. Tailoring protections forces the adversary to confront a security solution or configuration that they have not seen anywhere else. They will not have developed a way around it.