During the review period of the draft ESC EP v1.0, numerous comments were submitted regarding the mandate of IPsec in the EP.  Based on these comments, IPsec was removed from the EP as a mandatory requirement and the protocol was moved as a selectable option in all other relevant requirements.

FIA_X509_EXT.2.1  
The TSF shall use X.509v3 certificates as defined by RFC 5280 to support authentication for [selection: IPsec, TLS, HTTPS, SSH, no other protocols], VVoIP endpoint registration, and [selection: code signing for system software updates, code signing for integrity verification, [assignment: other uses], no additional uses].

Application Note:  
The NDcPP requires the ST author to select the protocol(s) that certificate authentication is used for. Additional protocols may or may not be selected depending on the other functionality provided by the TSF.

IPsec should be an optional selection along with TLS, HTTPS, and SSH in FIA_X509_EXT.2.1.  IPSec was removed as a mandatory requirement and has been included as a selection in all other relevant requirements within the EP.