
12 CFR § 609.905 - In general.

---
identifier: "/us/cfr/t12/s609.905"
source: "ecfr"
legal_status: "authoritative_unofficial"
title: "12 CFR § 609.905 - In general."
title_number: 12
title_name: "Banks and Banking"
section_number: "609.905"
section_name: "In general."
chapter_name: "FARM CREDIT ADMINISTRATION"
subchapter_number: "B"
subchapter_name: "FARM CREDIT SYSTEM"
part_number: "609"
part_name: "CYBER RISK MANAGEMENT"
positive_law: false
currency: "2026-04-05"
last_updated: "2026-04-05"
format_version: "1.1.0"
generator: "[email protected]"
authority: "Sec. 5.9 of the Farm Credit Act (12 U.S.C. 2243); 5 U.S.C. 301; Pub. L. 106-229 (114 Stat. 464)."
regulatory_source: "88 FR 85832, Dec. 11, 2023, unless otherwise noted."
cfr_part: "609"
---

# 609.905 In general.

Farm Credit System (System) institutions must engage in appropriate risk management practices to ensure safety and soundness of their operations. A System institution's board and management must maintain and document effective policies, procedures, and controls to mitigate cyber risks. This includes establishing an appropriate vulnerability management program to monitor cyber threats, mitigate any known vulnerabilities, and establish appropriate reporting mechanisms to the institution's board and the Farm Credit Administration (FCA). The vulnerability management programs should be commensurate with the size, risk profile, and complexity of the institution and based on sound industry standards and practices.