In the material Information and Computer Security

Please explain these $4$ items from the "Cybersecurity Toolkits: Web Application Protection Policy" in General Requirements

$1.$ External web applications must be protected by a web application firewall $($WAF$)$ from external attacks.

$2.$ External web applications must follow the $($Multi$-$tier Architecture$)$ principle, with at least $(2-$tier Architecture$).$

$3.$ Only secure communication protocols $($such as HTTPS$,$ SFTP$,$ TLS$,$ etc.$)$ must be used.

$4.$ Web application cybersecurity architecture requirements must be defined to ensure that the web applications are designed and deployed in a secure manner.