Conformal_Verification_Guide_8.1

Unix AuthenticationThank you for your interest in authenticated scanning! When you configure and use authentication, you get a more in-depth assessment of your hosts, the most accurate results and fewer false positives. This document provides tips and best practices for setting up Unix authentication using Qualys Cloud Suite 8.10 or later.Qualys supports authentication to systems running Unix, Cisco and Checkpoint Firewall.Few things to knowWhy use authentication?With authentication we can remotely log in to each target system with credentials that you provide, and because we’re logged in we can do more thorough testing. This will give you better visibility into each system’s security posture. Is it required? It’s required for compliance scans and recommended for vulnerability scans.Are my credentials safe?Yes, credentials are exclusively used for READ access to your system. The service does not modify or write anything on the device in any way. Credentials are securely handled by the service and are only used for the duration of the scan.Which technologies are supported?For the most current list of supported authentication technologies and the versions that have been certified for VM and PC by record type, please refer to the following article: Authentication Technologies MatrixWhat are the steps?First, set up a user account (on target hosts) for authenticated scanning. Then, using Qualys, complete these steps: 1) Add an authentication record to associate credentials with hosts (IPs). We have separate records for Unix, Cisco and Checkpoint Firewall. 2) Launch a scan using an option profile. For a VM scan be sure to enable authentication in the option profile. 3) Run the Authentication Report to find out if authentication passed or failed for each scanned host.Can I have multiple records?Yes. You can create multiple records with different IP addresses. Each IP address may be included in one Unix type record (Unix Record, Cisco Record or CheckPoint Firewall Record).Login CredentialsYou’ll provide us with credentials in authentication records. Many third party vaults are supported. See the Vault Support Matrix in the online help.What privileges are needed for vulnerability scans?The account you provide must be able to perform certain commands like 1) execute “uname” to detect the platform for packages, 2) read /etc/redhat-release and execute “rpm” (if the target is running Red Hat), and 3) read /etc/debian_version and execute “dpkg” (if the target is running Debian). There are many more commands that must be performed.Where can I find a list of commands? The article *NIX Authenticated Scan Process and Commands describes the types of commands run, and gives you an idea of the breadth and scope of the commands executed. It includes a list of commands that a Qualys service account might run during a scan. Not every command is run every time, and *nix distributions differ. This list is neither comprehensive nor actively maintained.What privileges are needed for compliance scans?In order to evaluate all compliance checks you must provide an account with superuser (root) privileges. The compliance scan confirms that full UID=0 access has been granted even if the initial SSH access has been granted to a non-root user. Without full UID=0 access, the scan will not proceed. Note also the account must be configured with the “sh” or “bash” shell.We support use of Sudo or PowerBroker root delegation for systems where remote root login has been disabled for the system to be scanned. However, you cannot use a restricted Unix/Linux account by delegating specific root level commands to the account specified in the sudoers file or equivalent. A non-root account can be used to establish the initial SSH connection but that account must be able to execute a “sudo su –“ command (or equivalent) so that account can gain root level (UID=0) access for the compliance scan to proceed.Using root delegation tools(Supported for Unix authentication in Unix record settings). These root delegation tools are supported for Unix authentication: Sudo, Pismu, PowerBroker. By enabling root delegation you can provide a lower-privileged user account in the record and still perform scan tests with the elevated privileges of the superuser (root).Tip - If you have multiple tools you can arrange the tools in a particular order in the record. We’ll attempt each root delegation method in sequence, depending on the order configured.Can I access a password in my password vault?Yes. We support integration with multiple third party password vaults, including CyberArk PIM Suite, CyberArk AIM, Thycotic Secret Server, Quest Vault, Lieberman ERPM, and more. Go to Scans > Authentication > New > Authentication Vaults and tell us about your vault system. Then choose “Authentication Vault” in your authentication record and select your vault name. At scan time, we’ll authenticate to hosts using the account name in your record and the password we find in your vault.Using Kerberos AuthenticationKerberos is a network authentication protocol designed to provide secure and encrypted authentication for your systems and services. You can specify Kerberos authentication details and perform authenticated scans on Unix systems that have Kerberos (GSSAPI) enabled.Turn on the Use Kerberos toggle and specify the following details for realm discovery and authentication:Parameter DescriptionRealm Discovery Specify the realm discovery method. The available values are manual, single, and DNS.User Realm Specify the name of the realm that a user belongs to and the KDC (KeyDistribution Center) that is responsible for authenticating users and issuingticket-granting tickets (TGTs) for the realm.User KDCService Realm When a user wants to access a service that is part of a different realm,specify:•The name of the realm that a service belongs to.•The KDC that manages authentication for the service in its realm. Service KDCAuthentication Type Specify the authentication type. Only basic or vault-based authentication is supported for Kerberos.Using private keysFor Unix authentication key authentication is supported for SSH2 only. You can define private keys in Unix authentication records.Clear Text Password optionThe service uses credentials provided in your authentication record for remote access to different command line services such as SSH, telnet and rlogin. The Clear Text Password setting in your record determines whether your credentials may be transmitted in clear text when connecting to services which do not support strong password encryption.Clear Text Password: Not Selected (the default)Your password will not be transmitted in clear text. The scanning engine only uses strong password encryption for remote login. This setting may prevent the scanning engine from detecting some vulnerabilities on hosts which do not support strong password encryption.Clear Text Password: SelectedYour password may be transmitted in clear text. The scanning engine uses strong password encryption for remote login, if possible, and falls back to transmitting credentials with weak encryption or in clear text for services which do not support strong password encryption. Important: If these credentials are intercepted by a malicious person, then they may be used to completely compromise a host for attack and theft of information. It is recommended that you replace unsecured services, such as telnet and rlogin, with a secured SSH service. If you must operate unsecured command line services, it is recommended that you operate them within a secured tunnel like SSL/TLS or VPN.Target TypesYou can provide a target type while creating or updating the Unix (SSH2) authentication record. With this field, you can define the non-shell based target types in the SSH2 authentication record. Targets with a standard Unix shell will continue to be auto-detected. Thetarget types are set to "Auto (default)" for these records. Currently, Qualys offers only the "auto (default)" option. With upcoming releases, more target types will be available.Unix Authentication RecordHow to add a Unix recordGo to Scans > Authentication. Then select New > Operating Systems > Unix. You might be interested in Unix subtypes. You’ll see records for Cisco authentication and Checkpoint Firewall authentication.Enter the Unix login credentials (user name, password) our service will use to log in to Unix hosts at scan time. Then walk through our wizard to select the options you want for private keys, root delegation, policy compliance and target IPs. Our online help is always available to assist you.Choose options!If you provide multiple credentials, authentication is attempted in this order:1) RSA key, 2) DSA key and then 3) password.Option to get the password for login credentials from a vault. Choose from vaults available in your account.Specify Kerberosauthentication details if Kerberos authentication is enabled on the target host.Use any combination of private keys (RSA, DSA, ECDSA, ED25519) and certificates (OpenSSH, X.509) for authentication. Key authentication is supported for SSH2 only.(1) Option to get private(2) Choose certificate type OpenSSH or X.509.Use multiple rootWe’ll attempt each root delegation method in sequence, depending onthe order configured.from vault. Choosefrom vaults available inyour account.Add IPsAdd the IPs you want toscan on the IPs tab.Each IP may beincluded in one Unixtype record (Unix,Cisco, CheckPointFirewall).Ports for compliance scansThe Policy Compliance Ports tab is where you define a custom ports list if services (SSH, telnet, rlogin) are not running on well-known ports for the hosts you will be scanning. By default, these well-known ports are scanned: 22 (SSH), 23 (telnet) and 513 (rlogin). Any one of these services is sufficient for authentication. Good to Know - The actual ports scanned also depends on the Ports setting in the compliance option profile used at scan time.Using Private Keys / CertificatesFor successful authentication, the user account must be added to all target hosts along with the public key, which will be appended to the “.ssh/authorized_keys2” file in the user’s home directory. Our service must have full access to the target hosts during scanning. It’s possible that manually added options in “.ssh/authorized_keys2” files (like no-pty) lockout our service and in this case security tests cannot be performed. SSH keys and certificates listed below are supported. All of the private keys can either be unencrypted or encrypted with a passphrase.SSH Private keysPEM-encoded RSA private keyPEM-encoded DSA private keyPEM-encoded ECDSA private keyOpenSSH-encoded RSA private keyOpenSSH-encoded DSA private keyOpenSSH-encoded ECDSA private keyOpenSSH-encoded EDDSA (currently only ED25519) private key Supported CertificatesPEM-encoded X.509 certificate using RSAPEM-encoded X.509 certificate using DSAPEM-encoded X.509 certificate using ECDSAOpenSSH certificate using RSAOpenSSH certificate using DSAOpenSSH certificate using ECDSAOpenSSH certificate using EDDSA (currently only ED25519)Cisco Authentication RecordWhich technologies are supported?Cisco IOS, Cisco ASA, Cisco IOS XE, Cisco NX-OS and Cisco ACS (version 5.8 is not supported) Which vaults are supported?CyberArk AIM, CyberArk PIM SuiteWhat login credentials are required for Cisco?1) The user account provided for authentication must have privilege level 15 (equivalent to root level privileges) on the Cisco device in order to perform all checks. You can find a list of commands the account must be able to execute in the online help.2) We need port 22 (for SSH authentication) or port 23 (for Telnet authentication). If Telnet is the only option for the target you must select the Clear Text Password option in the record since Telnet is an insecure protocol (all information is sent in clear text). We’ll use strong password encryption for remote login, if possible, and fall back to transmitting credentials in clear text only when the Clear Text Password option is selected.3) Your password must not include any spaces.Checkpoint Firewall Authentication RecordWhich technologies are supported?CheckPoint Gaia and SecurePlatform PRO operating systems:- CheckPoint Gaia R75-R77- CheckPoint SecurePlatform PRO R75-77Which vaults are supported?CyberArk AIM, CyberArk PIM SuiteWhat login credentials are required for Checkpoint Firewall?1) The user account you provide for authentication must have administrative level privileges on the Checkpoint device to perform all checks, and must be able to execute these commands: verexpert (to switch to expert mode)cpstat os2) TCP port 22 must be open on the scan target for SSH authentication.3) Your password must not include any spaces.Tell me about the Expert Password optionIf the “expert” command on the target host requires a password, then you must also provide the expert password in the record. (Note: The pooled credentials feature is not supported if the "expert" command requires a password and the password is specified.)Last updated: April 27, 2023Qualys Unix Authentication 11。

H3C SecPath UTM系列安全产品特征库License注册/激活指导目录1 为什么要进行设备注册 (1)2 设备License的注册 (1)3 设备License文件的激活 (2)1 为什么要进行设备注册H3C SecPath UTM系列安全产品在使用前需要完成License注册/激活程序来保证您享有一系列基于特征库的更新升级服务，H3C网站提供License的注册的功能。

网站将根据设备序列号及随机附带的授权书上的序列号生成相应的License文件。

只有在设备中导入License文件，才能更新升级IPS、AV等相应的特征库，从而保障安全设备能实时抵御最新攻击；同时设备配置导入等功能的完成也需要在License激活的状态下才能进行。

2 设备License的注册访问H3C公司中文网站，依次点击“产品技术->产品介绍->IP安全产品”，点击该页面右下方处的“H3C特征库服务专区”，进入设备注册页面。

图2-1H3C公司产品技术栏目图2-2特征库服务专区图2-3设备注册界面设备注册的详细说明如表2-1所示。

表2-1设备注册项说明表z License文件具有唯一性，每份软件使用授权书只能给一台设备使用。

z网站根据注册信息生成的License文件通过您提供的Email地址发送给您。

此工作一般在两个工作日之内完成，请您注意查收邮件。

3 设备License文件的激活(1) 启动浏览器，输入登录信息z用交叉以太网线将PC和设备的以太网口GigabitEthernet0/0相连；为PC配置IP地址（例如192.168.0.2），保证能与设备互通。

z将网站通过您所提供的Email地址发送给您的License文件保存在这台PC上。

z在PC上启动浏览器，在地址栏中输入IP地址“192.168.0.1”（UTM设备默认的IP地址）后回车，即可进入设备的Web登录页面，如图3-1所示。

输入用户名“admin”、密码“admin”和验证码，选择Web网管的语言种类，单击<登录>按钮即可登录。

Cadence OrCAD电子电路设计Synopsys Star-HSpice v2006 03 SP1 1CD(电路仿真软件)Synopsys Star-rcxt vB-2008.06 SP2 Linux 1CD Synopsys Vera v6.3.10 for linux&solaris 1CD Synopsys.VCS.v6.0.1.WinNT_2k 1CD Synopsys VCSvB-2008.12 Linux 2CD Synopsys VCS vA-2008.09 LinuxAMD64 1CD Synopsys VCS-MX vA-2008.09 Linux 2CD Synopsys VCS-MX vA-2008.09 LinuxAMD64 2CD Synopsys.2001.08.Core.Synthesis.for.linux 1CD Synplicity Amplify v3.7 1CD(第一款为FPGA设计的物理综合产品)SynpliCity Identify RTL Debugger v2.0.1 1CD Synplify FPGA C-200903 for Windows 1CD Synplify DSP v3.6 1CD Synplify.Premier.v9.61 Linux 1CD Synplify.Premier.v9.6.2.with.Identify.v3.02 1CD(针对复杂可编程逻辑设计的功能强大的FPGA综合工具，独有的特性和极快的运算速度使它成为业界的最流行的也是最强力的综合工具，而且还附加了调试于优化功能)Synplify Pro v9.2.2 Linux 1CD Synplify v8.5 with Identify v2.3.2 Linux 1CD Synplify ASIC v5.02 for win&linux&sun&unix 1CD TaurusMedici vV-2003.12 linux 1CD Virtio VPAI 2.0 Platform 1CD BoschRexroth Group产品：Bosch.Rexroth.Indraworks.v7.04-ISO 3CD(是一个简单易操作的工程环境，用于所有力士乐电子控制系统及驱动系统)Bos ch.Rexroth.WinStudio.v6.5.WinNT_2K 1CD(提供了制造执行系统(MES)和用于监控及性能监视功能的数据采集与监视控制系统(SCADA)SANDWORK DESIGN INC.产品：Design Spice Explorer v2007.1 1CD Design Spice Explorer v2003.1 Linux 1CD Tanner产品：Tanner.L-EDIT.pro.with.LVS.v10.0-ISO 1CD(IC设计验证系统软件)Tanner.S-EDIT.v7.03 1CD(电路框架的制作和编辑工具)Tanner.T-SPICE.Pro.v8.1(大规模模拟和混合信号IC的精确高效分析模拟软件)Tanner Tools v13.14 1CD(集成电路设计环境)===客服专用QQ：16264558用我们的诚信打造专业服务客服专用QQ：16264558用我们的诚信打造专业服务phone：139****2271列表中的各类软件基本都经过安装测试，可以放心使用。

DesignWare (DW) Verification Guide Product Version 12.1June 8, 2013Copyright Statement© 2013 Cadence Design Systems, Inc. All rights reserved worldwide. Cadence and the Cadence logo are registered trademarks of Cadence Design Systems, Inc. All others are the property of their respective holders.ContentsPurpose (4)Support DW Models (4)Disabling translate_off/on Directives (5)DW Verification in DC (5)Benefits of Using Supported DW Models (5)Non-Synthesizable DW Substitution Flow (7)Flow Examples (8)Automatic Replacement Flow (8)Manual Replacement Flow (9)DW Verification in RC (9)PurposeThis guide describes how to perform Conformal equivalence checking on designs that instantiate DesignWare (DW) models, and how to verify the instantiated models using Design Compiler (DC) and RTL Compiler (RC).The Conformal equivalence checker can read in and verify most types of synthesizable DW models. Non-synthesizable models are, by default, modeled as blackboxes and are skipped during equivalence checking. When a design contains models that are modeled as blackboxes, you can run into false non-equivalent points (NEQs) or aborts.Note: Equivalence checkers (not limited to Conformal) cannot handle instantiated DW models whose simulation model is non-synthesizable, because the checker cannot read in the model description or build the model in the golden design.This guide describes how you can handle non-synthesizable DW models within the Conformal equivalence checker. Other equivalence checkers offer solutions that run in the background, but these solutions generally involve replacing all non-synthesizable DW models. Using the methods described in this guide, you can tailor the replacement/handling of non-synthesizable DW models to your own design and increase the quality of your verification results.Support DW ModelsWhen you read in a design with instantiated DW models, Conformal first uses the user-defined models. If the design does not contain any user-defined models, Conformal uses a set of DW Verilog models that is available in the following directory of your Conformal installation:<install_dir>/share/cfm/lec/library/verilog/dwTo change the specification as to which DW models are used first, use the SET DW DEFINITION command before you read in the designs.This directory also contains a README file that lists all of the supported DW models; it also lists all of the models that are not supported (blackboxed).Disabling translate_off/on DirectivesWhen you read in a DW model, it might have embedded translate_on or translate_off directives that can cause Conformal to inadvertently blackbox most of the design's Verilog and VHDL DW models.To disable these directives, use the following command before reading in the Verilog or VHDL DW models:set directive off translate_off translate_onIf you need to use these directives in other parts of the design, use the -file option to disable the directives in only the Verilog or VHDL DW model files. For example:set directive off translate_off translate_on –file DW*The tool will issue a DIR3.1 warning message for models where these directives are not disabled.// Warning: (DIR3.1) synthesis/translate/compile on/off directive is detected (occurrence:2)SETUP> report rule check DIR3.1 -verboseDIR3.1: synthesis/translate/compile on/off directive is detectedType: Golden Severity: Warning Occurrence: 21: DW01_add:synopsys translate_offon line 49 in file 'DW01_add.v'2: DW01_add:synopsys translate_onon line 81 in file 'DW01_add.v'SETUP> report black boxSYSTEM: (G) DW01_addDW Verification in DCBenefits of Using Supported DW ModelsYou should always first use the provided set of Conformal-supported DW models, before any other type of models. These models have been set up for verification and the non-synthesizable models have empty module descriptions. You do not have to use the SET DIRECTIVE command with these models; LEC will parse them, as is, without any error messages.The following lists additional benefits to using the provided set of Conformal-supported DW models:•Some DW models are synthesizable, but are not ideal for verification when used "as is". For example, the following DW models can lead to false NEQs or abort points when you read them in using their original Synopsys description:o DW_div_pipeo DW_shiftero DW_squarepo DW01_bsho DW02_maco DW02_mult_2_stageo DW02_mult_3_stageo DW02_mult_4_stageo DW02_mult_5_stageo DW02_mult_6_stageo DW02_multpo DW02_prod_sumo DW02_prod_sum1o DW02_treeNOTE:You must use the ANALYZE MODULE command when verifying DW02_multp, DW02_tree, and DW_squarep. Refer to the Conformal Equivalence Checking Reference for more information on this command.•If you read in the following models using their original Synopsys description, LEC will most likely abort with a long run time. Therefore, these models are not supported in Conformal: o DW02_multo DW_divThere will be a HRC5 warning message when DW02_mult or DW_div is instantiated and no simulation model is read in for them:// Warning: (HRC5) Designware referenced but not defined (occurrence:1)SETUP> report rule check HRC5 -verboseHRC5: Designware referenced but not definedType: Golden Severity: Warning Occurrence: 11: top/DW02_multon line 10 in file 'test.v'When you use the provided set of Conformal-supported DW models, the verification can complete successfully and with minimum setup.LEC parsing will report the correct path of the used DW model:// Parsing file <install_dir>/share/cfm/lec/library/verilog/dw/DW02_multp.v ...Non-Synthesizable DW Substitution FlowThe current release has a flow in place for handling designs that instantiate non-synthesizable DW models. This flow helps set up synthesis scripts to generate generic DW gate netlists for the non-synthesizable DW models. Conformal will then substitute the generic DW gate netlists with the DW instantiations.For example, consider a design with a Verilog DW_stackctl instantiation:module test (...);...DW_stackctl ...;...endmoduleRead in the design files and have LEC use the supported DW models to automatically create a blackbox for the DW_stackctl module:Note: If you are not using the set of Conformal-supported DW models, do not use the SET DIRECTIVE command on non-synthesizable models; Conformal might issue a parsing error instead of blackboxing the model. If your design does not use the supported set of DW models and contains a combination of synthesizable and non-synthesizable DW models, instead use the -file option with the SET DIRECTIVE command to read and correctly compile the synthesizable DW components.After you read in the design and LEC creates a blackbox for the non-synthesizable DW model, use the following commands to automatically create a directory called dw_generic/RUN with DW wrapper scripts to run synthesis:set hdl options -synthesis_executable <dc_install_dir>/bin/dc_shellwrite blackbox wrapper -directory dw_generic DW* -auto_substitute// Note: Wrapper file will be written into directory:// <current_work_dir>/dw_generic/RUN// Note: Writing wrapper file dw_generic/RUN/_DW_stackctl.v// for blackbox module DW_stackctlThe SET HDL OPTIONS -synthesis_executable specifies the path to the synthesis executable. The WRITE BLACKBOX WRAPPER -auto_substitute command uses this path to when it performsautomatic DW substitution. Automatic DW substitution creates a wrapper file for each blackbox instance in the design whose module name matches those in a specified pattern list (in this case, models whose name starts with DW*) and automatically substitutes the blackbox models with the synthesized models.// Note: Running synthesis tool, logfile: dw_generic/RUN/dc.tcl.log// Parsing file dw_generic/RUN/_DW_stackctl.g.v ......// Note: Substituting module of bbox instance i0 with new module// _DW_stackctl(dw_generic/RUN/_DW_stackctl.g.v:6)Once the blackbox models have been substituted with the synthesized models, you can read in the revised gate netlist and compare the two designs.Note the following when using WRITE BLACKBOX WRAPPER -auto_substitute:•If the -directory option is not specified, LEC creates directory called CFM_BBOX_DIR/RUN directory by default.•If the -directory option is not specified and the SET PROJECT NAME command is used, LEC creates a directory called <CFM_BBOX_DIR/RUN> within the <project_directory>/<project_name>.cfm directory.•If both -directory and SET PROJECT NAME are used, then LEC creates a directory called <my_bbox_dir>/RUN in the current working directory and not the project directory.When you are using automatic substitution (WRITE BLACKBOX WRAPPER -auto_substitute), you do not need to use the SUBSTITUTE BLACKBOX WRAPPER command. You need to use the SUBSTITUTE BLACKBOX WRAPPER command only when automatic substitution is disabled (WRITE BLACKBOX WRAPPER -noauto_substitute).Flow ExamplesAutomatic Replacement FlowWith the automatic flow, you read in the design files that contain the DW modules and then specify the path to the DC executable. Then, create the synthesis script ('<dir>/RUN/synth.tcl') wrapper file using the WRITE BLACKBOX WRAPPER command (with -auto_substitute).The tool will automatically run the synthesis tool to generate the synthesis models and replace the old models with the new ones.read design design_file1.v design_file2.v -verilog -goldenset hdl options -synthesis_executable <dc_install_dir>/bin/dc_shellwrite blackbox wrapper -directory dw_generic DW* -auto_substituteread design -revised...Manual Replacement FlowIn the manual flow, you would read in the design files that contain the DW modules, then create the synthesis script ('<dir>/RUN/synth.tcl') wrapper file using the WRITE BLACKBOX WRAPPER command (without -auto_substitute).read design design_file1.v design_file2.v -verilog -goldenwrite blackbox wrapper -directory dw_generic DW*Use the wrapper file in DC to generate the synthesized models (the models will be stored in the same directory as *.g.v).Then, read in the newly created *.g.v file into the design. Then, substitute the blackbox instances with the new models using the SUBSTITUTE BLACKBOX WRAPPER command.read design -append CFM_BBOX_DIR/RUN/*.g.vsubstitute blackbox wrapper DW*read design -revised...DW Verification in RCFor RC DW support, use the dofile generated by the RC command write_do_lec. You do not have to modify the dofile for Conformal in order to verify any of the DW models; however, you might need to uncomment the path to the RC DW models that will be used. For example:// tclmode// set env(CDN_SYNTH_ROOT)...// vpxmodeNote: Do not use the provided set of Conformal-supported DW models when verifying in RC. Refer to the RC ChipWare Support document for detailed information regarding RC DesignWare support.。

ORIGINATE DEPT.相关部门 RELEVANT DEPT.& CFR21 FDA 21 CFR QSR(Quality System Regulation) 820文件类型Document Type 应用范围 Application Scope品质管理体系程序 QMS PROCEDURE通用 GENERAL修订记录 REVISION HISTORY版本 Rev.A修改内容 Revised ContentsInitial releasing with ISO/TS16949 requirements作者 AuthorXXX生效日期 EFF. DateNov.07,2006Change the title from “ 改正和预防行动程序CorrectiveB and Preventive Action Procedure” to “ 纠正和预防措施 XXX Jan.10th, 2009程序 Procedure for Corrective & Preventive Action”Revised the procedure t o meet ISO13485 regulations (China) CXXX15-07-2014(USA) requirements文件审批 APPROVAL本文件须经相关部门工程师（或主管）签批，请作者指定。

This d o cu m ent shall be reviewed by ISO Coordinator and. The author shall determine.编写部门部门名称DEPT. TITLEQA ManufacturingMachining Engineering PE工程师姓名NAME OF ENGINEER工程师签署SIGNATURE经理姓名NAME OF MANAGER经理签署SIGNATURE管理者代表签署 SIGNATURE OF M.R.拒签理由 Reason of reject:Ditto总经理签署 SIGNATURE OF GM.文件分发 DISTRIBUTION部门 DEPT.EngineeringQAHR 数量 Q’TY1 部门 DEPT.AssemblyPlatingS tamping 数量 Q’TY 部门 DEPT.OFFSourcingFinance数量 Q’TYMaintenanceMolding1目的Purpose本程序规范了为消除存在或潜在的不合格而采取纠正预防措施的流程，以确保类似不合格不再发生或潜在不合格的发生，促进质量管理体系的持续改进。

w r f手册中文(总20页) -CAL-FENGHAI.-(YICAI)-Company One1-CAL-本页仅作为文档封面，使用请直接删除Chapter 1: OverviewIntroductionThe Advanced Research WRF (ARW) modeling system has been in development for the past few years. The current release is Version 3, available since April 2008. The ARW is designed to be a flexible, state-of-the-art atmospheric simulation system that is portable and efficient on available parallel computing platforms. The ARWis suitable for use in a broad range of applications across scales ranging from meters to thousands of kilometers, including:Idealized simulations (e.g. LES, convection, baroclinic waves)Parameterization researchData assimilation researchForecast researchReal-time NWPCoupled-model applicationsTeaching简介Advanced Research WRF (ARW)模式系统在过去的数年中得到了发展。

最近公布了第三版，从2008年4月开始可供使用。

ARW是灵活的，最先进的大气模拟系统，它易移植，并且有效的应用于各种操作系统。