In the current version of the NDcPP there is a cryptographic Security Functional Requirement (SFR) called FCS_SSH*_EXT.1.8. On the face of it, FCS_SSH*_EXT.1.8 is a fairly straightforward SFR with a relatively straightforward means to enforce it:
FCS_SSHS_EXT.1.8: The TSF shall ensure that within SSH connections the same session keys are used for a threshold of no longer than one hour, and no more than one gigabyte of transmitted data. After either of the thresholds are reached a rekey needs to be performed.
However, it is vitally important to read the application note (Application Note 102 in NDcPP v2.0+20180314) that follows this SFR element, because one small detail appears to be catching vendors by surprise:
For the maximum transmitted data threshold, the total incoming and outgoing data needs to be counted.