The Security Checklist (an Application Guide introduced in 2017) is a nice way to have all Security best practices in one place, with actioinable tasks. In addition, when using Pega Cloud, the Pipelines in the Deployment Manager enforce that all tasks have been completed on the staging environment. (If yo don't, you get an error which you can then skip, but that is not a nice way of working.)
My question is: how do teams typically deal with this? A number of tasks are relevant during development. And it is not a great idea to only start looking at the Security Checklist when you are moving to Staging. But... if you set the tasks to done on your development environment, you need to do it again when you have moved to Staging. So, what is a wise approach here?