Which task follows the implementation of security controls during the SDLC?

Prepare for the Certified Authorization Professional (CAP) Exam with detailed multiple choice questions, hints, and explanations. Boost your readiness for the test efficiently!

The assessment of controls follows the implementation phase during the Software Development Life Cycle (SDLC) because it is crucial to evaluate the effectiveness and adequacy of security measures that have been put in place. After implementing security controls, it is essential to verify that these controls are functioning as intended and are properly integrated within the system. This assessment process generally involves testing and reviewing the controls to ensure they adequately mitigate identified risks and comply with established security policies.

This step is vital as it provides insight into any potential vulnerabilities or weaknesses in the security posture that may need to be addressed. It also helps in determining whether the controls provide the required level of protection and whether they align with the organization’s risk tolerance.

Following the assessment, further activities such as authorization of controls or ongoing monitoring may occur, but these typically cannot start until the assessment confirms that the controls are effective and ready for operational use. Therefore, the sequence of implementing and then assessing controls is a logical progression in the SDLC focusing on maintaining security and compliance.
