NIAP: View Technical Decision Details
TD0782:  Terminology Change in CAPP: Extended to Functional Package

Publication Date
2023.10.11

Protection Profiles
PP_CA_V2.1

Other References
Terminology, Conformance Claims, FIA_X509_EXT.2, ATE_IND.1.2E, FTP_ITC.1.3, FDP_ITT.1.1, FPT_ITT.1.1

Issue Description

SSH Extended Package (deprecated) is referenced in multiple places. These references should be replaced with the superseding "SSH Functional Package". Also, the conformance claim needs to be updated to include the SSH package.

Resolution

The following update is made to PP-CA_v2.1 Common Criteria Terms, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

1.1.1 Common Criteria Terms

Table 1 – Common Criteria Terms

Common Criteria (CC)

Common Criteria for Information Technology Security Evaluation.

Extended Functional Package (EFP)

An implementation-independent set of security requirements for a specific subset of products described by a PP document that collects SFRs for a particular protocol, technology, or functionality.

 

The following update is made to PP_CA_V2.1 Section 2 (Conformance Claims), with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

Package Claim

This PP does not claim conformance to any packages is SSH Package Version 1.0 Conformant.

The following updates are made to the Application Notes of the following SFRs and SARs in PP-CA_v2.1, with red highlighted strikethroughs denoting deletions and green highlighted underlines denoting additions:

FIA_X509_EXT.2.2

Application Note: The TSF may rely on the Operational Environment to perform certificate handling functionality in cases where the TOE relies on an environmental component to provide trusted remote communications. If the ST author selects SSH, the TSF shall be validated against the Extended Functional Package for Secure Shell.

...

ATE_IND.1 Independent Testing – Conformance

Application Note:

If the ST author selects SSH, the TSF shall be validated against the Extended Functional Package for Secure Shell.

 

FTP_ITC.1.3

Application Note: The intent of the above requirement is to use a cryptographic protocol to protect external communications with authorized IT entities that the TOE interacts with to perform its functions. While there are no requirements on the party initiating the communication, the ST author lists in the assignment for FTP_ITC.1.3 the services for which the TOE can initiate the communication with the authorized IT entity (it is acceptable to assign “no services” for FTP_ITC.1.3 if the TOE does not initiate any of the covered connections). Note that SSH is not included because this protocol is not used by the TSF to connect to other components. If the ST author selects SSH, the TSF shall be validated against the Extended Functional Package for Secure Shell.

 

FDP_ITT.1.1

Application Note: This requirement ensures all communications between components of a distributed TOE are protected through the use of an encrypted communications channel. The data passed in this trusted communication channel are encrypted as defined by the protocol chosen in the first selection. The ST author chooses the mechanism(s) supported by the TOE, and then ensures the detailed requirements in Annex C corresponding to their selection are copied to the ST if not already present.

If SSH is selected, the TOE is expected to conform to the Extended Functional Package for Secure Shell.

 

FPT_ITT.1.1

Application Note: This requirement ensures all communications between components of a distributed TOE are protected through the use of an encrypted communications channel. The data passed in this trusted communication channel are encrypted as defined by the protocol chosen in the first selection. The ST author chooses the mechanism(s) supported by the TOE, and then ensures the detailed requirements in Annex B corresponding to their selection are copied to the ST if not already present.

If SSH is selected, the TOE is expected to conform to the Extended Functional Package for Secure Shell.

 

Justification

The conformance claims section and applicable SFRs need to be updated to use the SSH Functional Package.

 
 