Whenever I join a new organization I run through this checklist to see what improvements there are to be made. Some are easier and quicker wins than others. I like to address the easy wins first to show value early on. I plan on making posts related to each item and linking them here.
AAA TACACS+ / RADIUS
BPDU Guard
Certificate strength
Certificates self-signed / CA-signed
Change Control
Config MGMT / backup / revision control
Correct Bandwidth statements on interfaces
DCIM
DHCP settings / Snooping
Diagrams
DNS / Hostnames
EOL HW / SW
Firmware standard
HA Hardware
HA WAN / Internet connection
IPAM
Jumpboxes
Knowledge Base
Line vty / con / aux
Logging local / remote Syslog
Loopback / MGMT IP / interface
MAC security
Monitoring and alerting
NAC / 802.1x / dot1x
NetFlow / Top Talkers
NTP
Out Of Band MGMT
PW policy
SDWAN
SNMPv3
SSHv2
Stolen BGP ASN
Stolen Public IP space
STP
UTC Time Zone
Vendor Contacts and recurring meetings
VLAN names
VLAN numbers