If you've manually created the attack signature set and added the relevant signatures, I think you can safely ignore the error. Though I'd suggest opening a case with F5 Support to get confirmation of this and ask them to address the issue in the product.
I have several customers who have to jump through hoops every time they try to replicate their ASM configuration between various test environments through to the live environment using just the ASM policy because the attack signatures are not included in the policy. You've cited CR109139. CR109140 is a related RFE. If you haven't already, I'd suggest opening a case with F5 Support and asking them to fix this issue in the product. It's been listed as a request for enhancement even though we've lost functionality since attack signatures were introduced.
Aaron