The Farm Credit Administration board has approved a final rule on cyber risk management. The final rule revises parts of 12 CFR Part 609.
The rule requires each System institution to develop and implement a comprehensive, written cyber risk management program. According to the rule, each institution’s board-approved cyber risk management plan must require the institution to take the following actions:
– Assess internal and external risk factors
– Identify potential systems and software vulnerabilities
– Establish a risk management program for the risks identified
– Develop a cyber risk training program
– Set policies for managing third-party relationships
– Maintain robust internal controls
– Establish institution board reporting requirements
Furthermore, each institution’s plan should be consistent with the institution’s size, risk profile, and the complexity of its operations.
The final rule was approved on September 25, 2023, and becomes effective Jan. 1, 2025.
https://ww3.fca.gov/news/Lists/News%20Releases/DispForm.aspx?ID=697&Source=https%3A%2F%2Fww3%2Efca%2Egov%2Fnews%2Flists%2Fnews%2520releases%2Fby%2520year%2Easpx&ContentTypeId=0x01008B611F5BFFD13645AD86E26250D4EA85
