TD0659 modified FCS_CKM.1/AK in the App1.4 PP.  

MODVPNC2.4 modifies the same SFR in Section 5.3.1.1, but it has not been updated to align with the SFR changes made in TD0659.

The following change is made to FCS_CKM.1/AK in Section 5.3.1.1 in PP_VPNC_V2.4, with strikethrough denoting deletion and underline denoting addition:

FCS_CKM.1.1/AK 

The application shall [selection, choose one of:

• invoke platform-provided functionality,
• implement functionality

] to generate asymmetric cryptographic keys in accordance with a specified cryptographic key generation algorithm 

[ECC schemes] using [“NIST curves” P-256, P-384 and [selection: P-256, P-521, no other curves]] that meet the following:[FIPS PUB 186-4, “Digital Signature Standard (DSS)”, Appendix B.4], and,

[selection:

• [FFC schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: FIPS PUB 186-4, “Digital Signature Standard (DSS),” Appendix B.1,
• [FFC schemes] using Diffie-Hellman group 14 that meet the following: RFC 3526, Section 3,
• [FFC Schemes using “safe-prime” groups] that meet the following: ‘NIST Special Publication 800-56A Revision 3, “Recommendation for Pair-Wise Key Establishment Schemes Using Discrete Logarithm Cryptography” and [selection: RFC 3526, RFC 7919],
• [RSA schemes] using cryptographic key sizes of [2048-bit or greater] that meet the following: [FIPS PUB 186-4, “Digital Signature Standard (DSS),” Appendix B.3],
• no other key generation methods

]

See issue description.