AzPolicyAdvertizer

last sync: 2024-Nov-25 18:54:24 UTC

App Service apps that use Python should use a specified 'Python version'

Azure BuiltIn Policy definition

Source Azure Portal
Display name App Service apps that use Python should use a specified 'Python version'
Id 7008174a-fd10-4ef0-817e-fc820a951d73
Version 4.1.0
Details on versioning
Versioning Versions supported for Versioning: 1
4.1.0
Built-in Versioning [Preview]
Category App Service
Microsoft Learn
Description Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest Python version for App Service apps is recommended in order to take advantage of security fixes, if any, and/or new functionalities of the latest version. This policy only applies to Linux apps. This policy requires you to specify a Python version that meets your requirements.
Mode Indexed
Type BuiltIn
Preview False
Deprecated False
Effect Default
AuditIfNotExists
Allowed
AuditIfNotExists, Disabled
RBAC role(s) none
Rule aliases THEN-ExistenceCondition (1)
Alias Namespace ResourceType Path PathIsDefault DefaultPath Modifiable
Microsoft.Web/sites/config/web.linuxFxVersion Microsoft.Web sites/config properties.linuxFxVersion True False
Rule resource types IF (1)
Microsoft.Web/sites
Compliance
The following 9 compliance controls are associated with this Policy definition 'App Service apps that use Python should use a specified 'Python version'' (7008174a-fd10-4ef0-817e-fc820a951d73)
Control Domain Control Name MetadataId Category Title Owner Requirements Description Info Policy#
C.04.3 - Timelines C.04.3 - Timelines 404 not found n/a n/a 21
C.04.6 - Timelines C.04.6 - Timelines 404 not found n/a n/a 21
C.04.7 - Evaluated C.04.7 - Evaluated 404 not found n/a n/a 40
CIS_Azure_2.0.0 9.7 CIS_Azure_2.0.0_9.7 CIS Microsoft Azure Foundations Benchmark recommendation 9.7 9 Ensure that 'Python version' is the Latest Stable Version, if Used to Run the Web App Shared If your app is written using version-dependent features or libraries, they may not be available on the latest version. If you wish to upgrade, research the impact thoroughly. Upgrading may have unforeseen consequences that could result in downtime. Periodically, newer versions are released for Python software either due to security flaws or to include additional functionality. Using the latest full Python version for web apps is recommended in order to take advantage of security fixes, if any, and/or additional functionalities of the newer version. Newer versions may contain security enhancements and additional functionality. Using the latest software version is recommended in order to take advantage of enhancements and new capabilities. With each software installation, organizations need to determine if a given update meets their requirements. They must also verify the compatibility and support provided for any additional software against the update revision that is selected. Using the latest full version will keep your stack secure to vulnerabilities and exploits. link 3
New_Zealand_ISM 14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 New_Zealand_ISM_14.5.8.C.01 14. Software security 14.5.8.C.01 Web applications n/a Agencies SHOULD follow the documentation provided in the Open Web Application Security Project guide to building secure Web applications and Web services. 18
NL_BIO_Cloud_Theme C.04.3(2) NL_BIO_Cloud_Theme_C.04.3(2) NL_BIO_Cloud_Theme_C.04.3(2) C.04 Technical Vulnerability Management Technical vulnerabilities n/a The malware protection is carried out on various environments, such as on mail servers, (desktop) computers and when accessing the organization's network. The scan for malware includes: all files received over networks or through any form of storage medium, even before use; all attachments and downloads even before use; virtual machines; network traffic. 22
NL_BIO_Cloud_Theme C.04.6(2) NL_BIO_Cloud_Theme_C.04.6(2) NL_BIO_Cloud_Theme_C.04.6(2) C.04 Technical Vulnerability Management Technical vulnerabilities n/a Technical weaknesses can be remedied by performing patch management in a timely manner, which includes: identifying, registering and acquiring patches; the decision-making around the use of patches; testing patches; performing patches; registering implemented patches. 22
NL_BIO_Cloud_Theme C.04.7(2) NL_BIO_Cloud_Theme_C.04.7(2) NL_BIO_Cloud_Theme_C.04.7(2) C.04 Technical Vulnerability Management Evaluated n/a Evaluations of technical vulnerabilities are recorded and reported. 43
op.exp.4 Security maintenance and updates op.exp.4 Security maintenance and updates 404 not found n/a n/a 78
Initiatives usage
Initiative DisplayName Initiative Id Initiative Category State Type
[Preview]: Control the use of App Service in a Virtual Enclave 528d78c5-246c-4f26-ade6-d30798705411 VirtualEnclaves Preview BuiltIn
CIS Microsoft Azure Foundations Benchmark v2.0.0 06f19060-9e68-4070-92ca-f15cc126059e Regulatory Compliance GA BuiltIn
New Zealand ISM 4f5b1359-4f8e-4d7c-9733-ea47fcde891e Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme 6ce73208-883e-490f-a2ac-44aac3b3687f Regulatory Compliance GA BuiltIn
NL BIO Cloud Theme V2 d8b2ffbe-c6a8-4622-965d-4ade11d1d2ee Regulatory Compliance GA BuiltIn
Spain ENS 175daf90-21e1-4fec-b745-7b4c909aa94c Regulatory Compliance GA BuiltIn
History
Date/Time (UTC ymd) (i) Change type Change detail
2023-05-01 17:41:52 change Minor (4.0.0 > 4.1.0)
2022-07-01 16:32:34 change Major (3.0.0 > 4.0.0)
2021-03-02 15:11:40 change Major (2.0.0 > 3.0.0)
2020-10-20 13:29:33 change Major (1.0.0 > 2.0.0)
2019-11-12 19:11:12 add 7008174a-fd10-4ef0-817e-fc820a951d73
JSON compare
compare mode: version left: version right:
JSON
api-version=2021-06-01
EPAC