Supplementary Cybersecurity Information (Article 55 – EU 2019/881)

Product: U-Raze Series – USB Erase Software
Model: URaze500
Version: All Version

1. Intended Purpose

The U-Raze Series USB Erase Software is a bootable data sanitization solution designed to perform secure and irreversible erasure of data on supported storage devices.

The product:

• Executes from a dedicated USB flash drive
• Operates independently of the host operating system
• Implements industry-recognized sanitization algorithms
• Generates erasure reports for compliance and traceability

The product is intended for use by authorized and trained operators in controlled IT environments.

2. Security Functional Overview

In its evaluated configuration, the product provides:

• Secure data sanitization using supported erasure methods
• Controlled user access to operational functions
• Audit log generation including timestamps and operation details
• Integrity protection of the execution environment
• Documented secure operation guidance

The product does not provide:

• General-purpose computing functions
• Network connectivity
• Remote management interfaces
• Continuous monitoring capabilities

3. Evaluated Configuration

European Union Common Criteria (EUCC) – Assurance Level: EAL3

4. Evaluated Configuration

Applies only to official U-Reach distributed image version 1.0.80 and future version used per guidance documentation.

5. Assumptions and Operational Environment

The certified security properties rely on the following assumptions:

1. The TOE is used in a physically controlled environment.
2. Only authorized and trained operators perform erasure operations.
3. The USB device containing the TOE is protected from unauthorized modification.
4. Target storage devices are supported types as defined in product documentation.

6. Vulnerability Management and Disclosure

U-Reach maintains documented vulnerability management and coordinated vulnerability disclosure procedures aligned with:

Regulation (EU) 2024/482 (EUCC)

Regulation (EU) 2019/881

ISO/IEC 29147 and ISO/IEC 30111

Email: info@ureach-usa.com

Reports should include:

• Product name and version
• Description of the issue
• Reproduction details (if available)
• Reporter contact information

U-Reach:

• Acknowledges reports within 5 working days
• Performs risk assessment and validation
• Develops remediation where necessary
• Issues updates or advisories when applicable

7. Security Updates and Patch Policy

Security updates are managed under controlled configuration management procedures.

Updates:

• Are version-controlled
• Include documented release notes
• Address verified defects or vulnerabilities
• Are tested prior to release
• Customers are advised to operate the product using the latest available version provided by U-Reach.

8. Contact Information

U-Reach Data Solutions Inc.

3340 Riverside Dr. Suite C, Chino, CA 91710, USA

info@ureach-usa.com

https://ureach-usa.com