The annually approved business plan required under subpart J of part 618 of this chapter, and § 652.60 of this chapter for System institutions and the Federal Agricultural Mortgage Corporation, respectively, must include a technology plan that, at a minimum:
- (a) Describes the institution's intended technology goals, performance measures, and objectives;
- (b) Details the technology budget;
- (c) Identifies and assesses the adequacy of the institution's entire cyber risk management program, including proposed technology changes;
- (d) Describes how the institution's technology and security support the current and planned business operations; and
- (e) Reviews internal and external technology factors likely to affect the institution during the planning period.