Cisco
Login
Search
Software Secure Workload
Activity Configure

Manage Policy Lifecycle in Secure Workload About Policy Versions (v* and p*)

Last updated: Jun 09, 2025

About Policy Versions (v* and p*)

Policy versions are sometimes called workspace versions.

Displayed Version

The version of the policies (and clusters) that you are currently working with is shown at the top of the workspace page:

Policy version displays at top of the workspace page.

  • V* versions are generated by automatic policy discovery

    For details, see below

  • P* versions are analyzed and/or enforced versions

    For details, see below

The following icons may appear beside the version number:

Table 1. Version Icons

Latest analyzed policies icon

Indicates the version of the policies that is currently being analyzed

Latest enforced policies icon

Indicates the version of the policies that is currently being enforced

Latest version of discovered policies

Indicates the latest version of automatically discovered policies

(no icon)

Indicates that the version is not the latest version of its type

Examples:

  • Displayed version is the latest discovered version of the policies:

    Discovered policies version.

  • Displayed version is the version of the policies that is currently being analyzed:

    Policy Analysis Version

  • Displayed version is the version of the policies currently being analyzed and enforced:

    Published policy version: Analyzed and Enforced

Policy Discovery Version (v*)

Each time you automatically discover policies for a workspace, the version (v*) increments.

The first time you automatically discover policies, version 1 is generated, and all modifications after that run, such as editing or approving clusters (but not a rerun), are also grouped under version 1. When you subsequently automatically discover policies, a new version is generated (unless discovery failed).

The v* version also increments if you import policies.

To work with v* versions, see the section on View and Compare Discovered Policy versions.

Published Policy Version (p*)

The term "published" policy version (p*) for a workspace can refer to either:

  • The version of the policies that was analyzed, or

  • The version of the policies that was enforced

These are two separate but parallel versions that depend on the context:

  • Policy version for analysis:

    Each time you analyze policies in a workspace, or click Analyze Latest Policies after making a change, the system takes a snapshot of all the clusters and policies that are defined in that workspace, and the "published" policy version (p*) number for analysis increments. The latest Live Policy Analysis version is shown at the top-left side of the page on the Policy Analysis tab of the primary workspace.

    Analyzed policy version on Policy Analysis tab

  • Policy version for enforcement:

    Each time you enable enforcement of the policies in a workspace, or enable enforcement again after making changes, the "published" policy version (p*) for enforcement becomes the number of the analyzed version that you choose in the enforcement wizard. So, if you enforce analyzed version 5, the enforced version is also version 5, even if it is, for example, the first time policy has been enforced for the workspace. The current Enforced Policy Version is shown at the top-left side of the page on the Enforcement tab of the primary workspace.

    Enforced policy version on Enforcement tab

Managing Published (p*) Versions

Published policy versions cannot be edited, only deleted entirely.


 

Published policy versions (p*) are limited to 100 total. Once this limit is reached, you must delete old versions.

To manage and delete p* versions, see the sections on View and Compare Manage Analyzed Policy versions and View and Compare Manage Analyzed Policy versions or View and Compare Manage Analyzed Policy versions. Note that you can also use the API to delete published versions.
Previous topic Enforcement History Next topic Comparison of Policy Versions: Policy Diff