Most communication between SmartConsole and Security Management is CPM today (and this was hardened), but some features are still relying on old CPMI and so you are right: We cannot disable TLS 1.0 completly on Security Management today.
However: SmartConsole (and SmartDashboard) is using TLS 1.2 these days for CMPI. It is just that the server side on Smart Management would also accept a TLS 1.0 connection and this is what is relevant when doing security assessments/audits.
The full answer I got from TAC last summer was (rephrased and not a direct quote, because I'm not sure if I'm allowed to post it here):
For CPMI (FWM) it is possible to change cipher/protocol settings by applying a command with a special flag.
This was provided over a RFE with Check Point local office and was made available having a specific customer environment been taking into consideration.
TAC declined to provide this command based on a normal TAC case (backed up by TAC management). If a customer really needs it, a RFE should been raised at local Check Point office.
They also said, that there was a very good reason this command was not documented anywhere even after the original RFE and it was not meant to be used as a solution for anything just yet.
For me this sounds like: untested, no general support and they do not believe this will work in normal environments. Thats why I have it with "not possible" in my table.
Maybe there will be a day, Check Point R&D finished the replacement of CPMI with CPM 🙂