Attempting to address two common arguments for what falls into scope for M-15-13 compliance auditing that stem from what it means to be a "web server". The content of a server's response is frequently used to debate whether a listening network service qualifies as in-scope; chief among these arguments are those that conflate the availability of a web page with the availability of an HTTP service, and those that misconstrue the meaning of 4xx and 5xx status codes.