Is Bogon access-list required if CEF is enabled on a device ?
the Bogon access-list is not required to have CEF to work on the device.
The implementation of the bogon ACL usually happens on the signalling plane and on the border router external interface:
you shouldn't accept routing updates for networks that are bogons (RFC1918 private ip addresses, some oddy networks, your own public ip address range)typically on eBGP sessions.
and you should drop packets sourced by an ip address that is in a bogon network.
These practices are recommended on border routers facing internet connections.
see for example
CEF is more concerned with the number of entries in the routing table if that number is higher then what can be handled by CEF problems occur with some flows that are process switched instead of CEF switched with higher cpu usage and also sometimes some flows can be blackholed /lost inside the device (seen in a multilayer switch for a bug).
Hope to help