Yes, those stylebooks should be applicable to 14.1 as well. Just to clarify on the protecting apps behind the VPN, that would be true for https://docs.citrix.com/en-us/tech-zone/build/deployment-guides/secure-private-access-on-premises.html? Yes, you're absolutely correct. Be it a published app or an internal private app, you can use WAF today to secure them by binding AppFw policies to the VPN server.
Akhil Nair's post in How do you enable Security analytics on ADM service for NS 14.1 VPN server? was marked as the answer