Application-to-Controller NBI Security: Is there strict RBAC (Role-Based Access Control) for applications accessing the controller APIs? Audit the use of TLS 1.3 (with mutual authentication) for the Northbound Interface.

Controller-to-Device SBI Integrity: Is the Southbound Interface (e.g., OpenFlow, P4, NETCONF) secured with TLS or SSH? Audit the switch-to-controller authentication (Certificate-based).

NBI Rate-Limiting: Is there protection against API flooding from rogue applications?

Flow Modification Auditing: Are all flow rule insertions/deletions logged in a tamper-proof audit trail?

Conflict Resolution Policies: Does the controller have a deterministic conflict resolution mechanism for multiple applications requesting the same flow? Audit for "Shadowing" flow rules that might bypass security policies.

Topology Discovery Poisoning: Is there protection against LLDP (Link Layer Discovery Protocol) spoofing to prevent network topology poisoning?

vSwitch Isolation: Audit the isolation between virtual switches (e.g., Open vSwitch) on the same physical host. Is there protection against cross-VM traffic leakage?

Packet-In Mitigation: Does the controller have "Packet-In" rate limiting to prevent controller-plane DoS ?