Is there a recommended/supported/tested list of group policy settings that can be used for securing Plant Scada 2020 R2 running on Windows server?

If there is any issue with the Microsoft updates and Windows server in relation to Citect then there will be status mentioned in the security central, Please select Citect from dropdown
https://softwaresupportsp.aveva.com/#/securitycentral

Plant SCADA security involves three key areas:

1. Encrypted communications - a System Management Server is used to manage certificates that allow encrypted communications between Plant SCADA computers (see Encrypted Communications).
2. Security Roles - security-related operations within Plant SCADA's engineering and runtime environments can only be performed by users assigned to a role with relevant permissions (see Security Roles).
3. Runtime System Security - settings within a Plant SCADA project that control permissions within the runtime environment (see Runtime System Security).

General considerations  for security ,please refer below link: The below link will provide detailed information of the following areas:

Security Area	Reference Section
Physical and virtual access to the host	General Guidelines for Securing the Host
Latest Windows patches applied	Windows Updates
Protecting the host from viruses and malware	Scanning the Host
Access to content on the host	Protecting the Applications and Content on the Host
Securing your network	Securing the Network
Configuring services and ports	Managing Network Services and Ports
Securing client/server communication	Securing Communication between the Client and Server
User and group management	Securing Systems through Authentication and Authorization
Planning for emergencies	Contingency Planning