Nato warns of strike against cyber attackers

Checklists come in handy in fact if many were followed (BCP
checklists, appropriate industry standard fw, system rules)
the net would be a cleaner place.

Sensible checklists that actually improve matters, yes.

The audit checklists I've often been subjected to, full of security theatre and things that are "accepted auditor wisdom" rather than contributing to the security of the network in any meaningful way, not so much.