FCS_IPSEC_EXT.1.6 in MOD_VPNGW_V1.2 incorrectly labeled two AES-GCM algorithms as AES-CBC.

FCS_IPSEC_EXT.1.6 in MOD_VPNGW_V1.2 is modified as follows, with strikethrough denoting deletions and underline denoting additions:

FCS_IPSEC_EXT.1.6         The TSF shall ensure the encrypted payload in the [selection: IKEv1, IKEv2] protocol uses the cryptographic algorithms [selection: AES-CBC-128, AES-CBC-192, AES-CBC-256 (specified in RFC 3602), AES-GCM-128, AES-CBC-192, AES-CBCGCM-256 (specified in RFC 5282)].

Application Note: This element is unchanged from its definition in the Base-PP to remove AES-GCM-192, which is not recommended. AES-CBC implementation for IPsec is specified in RFC 3602. AES-GCM implementation for IPsec is specified in RFC 5282.

RFC 5282 specifically calls out AES-GCM-192 as not recommended, so it should be removed from an option.