Hi Robert,
there isn't one single document which will cover all of these areas.
There are however documents which cover specific areas which you will probably find useful (All of these documents are available at
http://www.cisco.com/en/US/partner/products/ps11337/products_installation_and_configuration_guides_list.html)
:
Basic VCS Control/Expressway configuration guide (Mentioned earlier by Sudheer):
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Basic_Configuration_Cisco_VCS_Control_with_Cisco_VCS_Expressway_Deployment_Guide_X7-1.pdf
Device authentication:
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Authenticating_Devices_Deployment_Guide_X6-1.pdf
Using certificates:
http://www.cisco.com/en/US/docs/telepresence/infrastructure/vcs/config_guide/Cisco_VCS_Certificate_Creation_and_Use_Deployment_Guide.pdf
Regarding the use of allow/deny lists for registrations (Which really is not a proper security measure but rather obfuscation, and could be used in combination with authentication) and the use of CPL for preventing unauthorised access to specific resources such as ISDN gateways, please refer to the VCS Admin guide for X7.1.
The admin guide as well as the VCS Control/Expressway Basic Configuration guide has a set of example CPL scripts which should be useful.
As far as Telnet and SNMP goes, these are disabled by default on an X7.1 VCS (Since they are considered "unsecure" protocols).
Advanced Account Security (AAS) mode is also described in the VCS admin guide.
Hope this helps,
Andreas
