To gain an OS privilege is to gain root access in the traditional computing scenario.
The same applies to apps, so each app must be controlled in the rights and privileges it has, in the event it is maliciously accessed and used as a proxy to cause further damage to the device through reading sensitive data, executing unauthorized code, etc. Then additional attacks on the system and DoD networks may be possible. Therefore, the DoD requires apps to implement automated mechanisms to enforce access control restrictions which are not provided by the OS.