Hello everyone!
I have been in Cybersecurity for a few years and one thing that I have been curious about is how to figure out relevant or useful artifacts before a SCA asks for them. It seems like a lot of the processes are just known by more experienced staff who were told how to do it by someone in the past.
Where do I find the documentation on what artifacts are needed for an ATO, IATT, and maybe just the general process on how to do them? What about a document of useful artifacts that may not be minimum required artifacts, but incredibly nice to have?
We have a few distributed standalone systems (it's a mess) and I want to make sure I get everything (potentially more than the minimum that is usually asked for).
Things that come to mind:
Scans - CKL and .nessus
PPSM
Topo/architecture
HW/SW list
Device exports - a few PowerShell scripts to find things like local accounts and such
Do you guys have any other useful artifacts that maybe are less known but useful?
Thank you so much!