The NIT has issued a technical decision for Clarify authentication methods SSH clients can use to authenticate SSH servers

12/18/2019: Updated to also apply to NDcPP v2.0E and FWcPP 2.0E

The following text shall be modified in the cPP:

FCS_SSHC_EXT.1.9 The TSF shall ensure that the SSH client authenticates the identity of the SSH server using a local database associating each host name with its corresponding public key and [selection: a list of trusted certification authorities, no other methods] as described in RFC 4251 section 4.1.

For further information, please see the NIT interpretation at: https://www.niap-ccevs.org/Documents_and_Guidance/ccevs/NITDecisionRFI201911rev2.pdf

See issue description