To combat this, the DoD's Defense Information Service Agency
(DISA) developed a standard that may be used not only for developing
new apps but also for testing, vetting, and assessing existing apps. This will provide a considerable degree of protection through applying controls and best practices in use throughout the industry to reduce vulnerabilities. The standard, known as the Mobile Applications Security Requirements Guide [1] or the SRG, is available for public download from the Information Assurance Support Environment.