StacksVerified U.S. regulatory reference

12 CFR §609.935

Verified against eCFR.gov as of June 20, 2026View official text on eCFR.gov
The annually approved business plan required under subpart J of part 618 of this chapter, and § 652.60 of this chapter for System institutions and the Federal Agricultural Mortgage Corporation, respectively, must include a technology plan that, at a minimum:
  1. (a)Describes the institution's intended technology goals, performance measures, and objectives;
  2. (b)Details the technology budget;
  3. (c)Identifies and assesses the adequacy of the institution's entire cyber risk management program, including proposed technology changes;
  4. (d)Describes how the institution's technology and security support the current and planned business operations; and
  5. (e)Reviews internal and external technology factors likely to affect the institution during the planning period.