SSH Extended Package (deprecated) is referenced in multiple places. These references should be replaced with the superseding "SSH Functional Package". Also, the Conformance Claims section needs to be updated to include the SSH package and TLS package.

The following update is made to MOD_VPNC_V2.4 Section 2 (Conformance Claims), with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

Package Claim

This PP does not claim conformance to any packages is SSH Package Version 1.0 Conformant when used in a PP-Configuration with App PP v1.4, OS PP v4.3, or MDM PP v4.0.

This PP-Module is TLS Package Version 1.1 Conformant when used in a PP-Configuration with App PP v1.4.

The following update is made to FIA_X509_EXT.2.1 in MOD_VPNC_V2.4, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

FIA_X509_EXT.2.1

The TSF shall [selection:

...

- use X.509v3 certificates as defined by RFC 5280 to support authentication for

- IPsec as defined in the PP-Module for VPN Client and

   [selection:

- HTTPS in accordance with FCS_HTTPS_EXT.1,

- TLS as defined in the Package for Transport Layer Security,

- DTLS as defined in the Package for Transport Layer Security,

- SSH as defined in the Extended Functional Package for Secure Shell,

- no other protocols

   ], and [selection:

- code signing for system software updates,

- code signing for integrity verification,

- policy signing,

- [assignment: other uses],

- no additional uses

   ]

].

The following updates are made to FTP_ITC.1.1/1  in MOD_VPNC_V2.4, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

FTP_ITC.1.1/1

Refinement: The TSF shall implement functionality using IPsec as defined in the PP-Module for VPN Client, and [selection:

- SSH as defined in the Extended Functional Package for Secure Shell,

- mutually authenticated TLS as defined in the Package for Transport Layer Security,

- mutually authenticated DTLS as defined in the Package for Transport Layer Security,

- HTTPS in accordance with FCS_HTTPS_EXT.1

- no other protocols

]

...

The following updates are made to FTP_TRP.1.1/1  in MOD_VPNC_V2.4, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

FTP_TRP.1.1/1

Refinement: The TSF shall implement functionality using IPsec as defined in the PP-Module for VPN Client, and [selection:

- TLS as defined in the Package for Transport Layer Security,

- HTTPS in accordance with FCS_HTTPS_EXT.1,

- SSH as defined in the Extended Functional Package for Secure Shell,

- no other protocols

]

...

The conformance claims section and applicable SFRs need to be updated to use the SSH Functional Package