It might be a bit late but why on earth do we have two separate configuration management tools (FWSM & NCM)? We have had NCM for a long while now and the features you have crammed into FWSM should have just be done in NCM not segment off into a different product. I use ACLs in my routers and some of my switches too and all my network devices could benefit from dead config pruning.
Seems like you now have two groups focused on a lot of the same stuff (Compliance Reports in both FWSM & NCM) and features that clearly fit into NCM scope but intentionally excluded and pushed into FWSM. Seems like now you have to intentionally separate features that should have just gone into NCM.
Just merge them already.
</rant>