Referencing this document: 000033354 - How to enable or disable strict TLS 1.2 mode in RSA Authentication Manager 8.2
These instructions are very clear but seem to assume the existence of a web tier in Step 6.
What (if any) additional steps are necessary to set up TLS 1.2 if my deployment does NOT have a web tier?
No extra steps.
A web tier is essentially an advanced, RSA-specific proxy server, that can sit on your DMZ
and allow 'world' access to your self service functions, ctkip, and also RBA from edge devices.
Web tiers are optional, and most updates to web tiers are done by making
an update or change to your RSA servers first, then pushing the new update
or change out to the web tiers.