The SFR in v3.2 currently lists this selection as the first available in the requirement:
[selection: IPsec in accordance with the PP-Module for VPN Client, mutually authenticated DTLS as defined in the Package for Transport Layer Security]
The problem is that neither of these two selections is mandatory, and so could end up with the case where neither is selected. There is no option for "no other methods" here. There is a "no additional uses" selection in the second selection in the SFR, but it is clear that the first selection is specifically for transport methods while the second is for signing and other uses.
There should be an option in the first selection to allow for a "no additional methods".
The SFR in v3.2 currently lists this selection as the first available in the requirement:
The problem is that neither of these two selections is mandatory, and so could end up with the case where neither is selected. There is no option for "no other methods" here. There is a "no additional uses" selection in the second selection in the SFR, but it is clear that the first selection is specifically for transport methods while the second is for signing and other uses.
There should be an option in the first selection to allow for a "no additional methods".