1. A software program hosted by an information system. (SP 800-37).
2. Software program that performs a specific function directly for a user and can be executed without access to system control, monitoring, or administrative privileges. (CNSSI-4009) (NISTIR).
Source: The Cyber Glossary, National Security Archive, George Washington University, https://nsarchive.gwu.edu/news/cyber-vault/2018-09-19/cyber-glossary