Security Hardening Options

I like the look of the new security features of the bsdinstaller on FreeBSD 11-RC1.
I am using clear tmp at startup.

Looking good. Keep up the great work.
The new FreeBSD 11 bsdinstaller clock and calendar features are nice too.
Especially useful on platforms without an RTC.
It's great to see hardening options appear in the installer, but it is a shame that they are all off by default. I have been creating some post-install scripts based on this work.
I would say following STIGs from the Defense Information Systems Agency is probably the best advice to use for securing a computer.

It is a shame that DISA do not provide a STIG for FreeBSD, as their docs for other OSes are quite good. The Center for Internet Security FreeBSD Benchmark is dated 2005 and relates to FreeBSD 4.10; some of it is still useful. The last decent books (here and here) on the topic were also 2005/7.

Apart from some misc hardening scripts on various websites, there isn't much recent guidance for FreeBSD. The Design and Implementation of the FreeBSD Operating System talks about things like Capsicum/MAC, but doesn't go into day-to-day security topics. Colin Percival (ex FreeBSD Security Officer) mentioned on Twitter earlier this year that he might be writing a new article on FreeBSD security, but I haven't seen anything yet.