FCS_IPSEC_EXT.1.14 CNSA compliance #31
Description
FCS_IPSEC_EXT.1.14 will need to be updated or removed in this version to be fully CNSA 1.0 compliant.
A CNSA 1.0 and 2.0 compliant implementation can only use AES-256-GCM as a symmetric algorithm so this will automatically be true as long as there are separate SFRs requiring a particular symmetric algorithm for both the IKEv2 SA and the CHILD SA.
Also IKEv1 will need to be removed as a selection.