The question provides the verbatim definition of an information system as established by U.S. law and adopted by the National Institute of Standards and Technology (NIST). An information system is a comprehensive term that includes not just technology but also the people and processes organized for the specific purpose of managing the information lifecycle (collection, processing, maintenance, disposition). This definition is fundamental to the Risk Management Framework (RMF) and the CGRC domain. The other options represent either subsets or foundational components of an information system, but not the complete, defined entity itself.

B. A General Support System (GSS) is a specific type of information system that provides a shared infrastructure, making it a narrower term than the definition provided.

C. An IT infrastructure is the underlying technological foundation (hardware, networks) but lacks the specific, organized purpose of information processing and management described in the question.

D. A Major Application is a software component that runs within an information system, not the entire discrete set of organized resources itself.

1. NIST Special Publication 800-53, Revision 5, Security and Privacy Controls for Information Systems and Organizations, Appendix A, Page A-10. The document defines an Information System as: "A discrete set of information resources organized for the collection, processing, maintenance, use, sharing, dissemination, or disposition of information."

2. NIST Special Publication 800-37, Revision 2, Risk Management Framework for Information Systems and Organizations, Page 11, Section 2.1. This publication states, "The RMF applies to all federal information systems..." and uses the standard definition throughout, reinforcing that the question describes an information system.

3. 44 U.S. Code § 3502 (Definitions). The E-Government Act of 2002, which is a primary legal source for federal information security, defines "information system" in this section, providing the legal basis for the NIST definition. The text is nearly identical to the question.