Cybersecurity Risk Management and Strategy Disclosure
12 Months Ended
Dec. 28, 2024
Cybersecurity Risk Management, Strategy, and Governance [Line Items]  
Cybersecurity Risk Management Processes for Assessing, Identifying, and Managing Threats [Text Block]
Cybersecurity related risks have been identified as material business risks, and identifying, assessing and managing these risks is integrated into our Enterprise Risk Management (ERM) process, which is designed to identify, assess and guide in managing material risks throughout Textron at both the business segment and enterprise levels. We maintain cyber risk/network protection mitigation plans through our ERM process to assist in management of these risks. Our full Board oversees our ERM process through discussions at our Board of Directors’ Annual Strategic Business and Risk Review and at an annual dedicated ERM Review. In addition, high risk areas, including cybersecurity matters, are reviewed and discussed with the full Board or other Board Committees, as appropriate. The Audit Committee, as reflected in its charter, has been designated to assist the Board in its oversight of our ERM process, including with respect to cybersecurity risk.
We maintain a detailed Cybersecurity Incident Response Plan that guides our incident response process. Upon the occurrence of a cybersecurity event, the cyber incident response team will follow a predefined process, documenting each step taken, to analyze and validate the event, and, if a cybersecurity incident is suspected to have occurred, quickly perform an initial analysis to determine the incident’s scope. The team will prioritize the response to each incident based on its estimate of the business impact caused by the incident and the estimated efforts required to recover from the incident. Notification of the incident is made to various stakeholders, including senior management and, if appropriate based upon the incident severity assessment, our Board. The team will also conduct incident containment, eradication and recovery, and post incident activity.
Our Security Culture
We protect our information assets and manage risk by promoting a culture that communicates security risks, designs secure IT systems and operates according to approved processes to reduce the likelihood and impact of security incidents. We achieve this objective by:
Designing, implementing and maintaining solutions with appropriate security controls.
Sustaining solutions with required patching and vulnerability remediation.
Creating and executing controls in support of policy as well as regulatory compliance.
Ensuring that our policies, processes, practices and technologies proactively protect, shield, defend and remediate cyber threats.
Delivering quality communications and annual training to stakeholders on cyber awareness and computing hygiene.
We believe that the conduct of our employees is critical to the success of our information security. Through our security awareness program, we keep our employees apprised of threats, risks and the part that they play in protecting both themselves and the company. We conduct periodic compliance training for our employees regarding the protection of sensitive information, which includes mandatory annual cyber safety training for all users with access to our computer network intended to reduce the likelihood of success of cyberattacks which target our employees. We also conduct regular phishing simulations to increase employee awareness on how to spot phishing attempts, and what to do if they suspect an email to be a phishing attack.
We execute penetration testing against our technical environment and processes, and continuously monitor our network and systems for signs of intrusion. We also retain consultants to enhance our penetration testing program with current trends and methodologies utilized against other companies, ensuring we are proactively reducing risk from emerging threats. In addition, we conduct tabletop exercises to prepare for responding to potential cybersecurity events.
We have a rigorous process, including a formal IT risk assessment, to assess our service providers prior to allowing our information to be processed, stored or transmitted by third parties, and we include standardized contractual requirements in each contract where appropriate. We validate our service providers’ security via questionnaires, open-source intelligence and, where appropriate, SOC1 reports on financially significant third-party service providers. Our process also includes regular monitoring of risk related to third parties on a periodic basis or when services or product purchases expand beyond their original scope or intended use.
Protection against insider threats is a critical component of our security strategy, particularly within our defense business units. Our insider threat detection processes are designed to identify and evaluate potential insider threats so that appropriate mitigation can be implemented.
Collaboration with our industry partners and government customers contributes to the protection of Textron’s computing environment as well as our military stakeholders. Textron is engaged with various industry groups such as Aerospace Industries Association, National Defense Information Sharing & Analysis Center and our Defense Industrial Base colleagues to ensure that we are aware of and are addressing the latest adversarial threats. Additionally, we share cyber best practices with industry peers to help to make the industry more secure.
Cybersecurity Risk Management Processes Integrated [Flag] true
Cybersecurity Risk Management Processes Integrated [Text Block]
Cybersecurity related risks have been identified as material business risks, and identifying, assessing and managing these risks is integrated into our Enterprise Risk Management (ERM) process, which is designed to identify, assess and guide in managing material risks throughout Textron at both the business segment and enterprise levels. We maintain cyber risk/network protection mitigation plans through our ERM process to assist in management of these risks. Our full Board oversees our ERM process through discussions at our Board of Directors’ Annual Strategic Business and Risk Review and at an annual dedicated ERM Review. In addition, high risk areas, including cybersecurity matters, are reviewed and discussed with the full Board or other Board Committees, as appropriate. The Audit Committee, as reflected in its charter, has been designated to assist the Board in its oversight of our ERM process, including with respect to cybersecurity risk.
We maintain a detailed Cybersecurity Incident Response Plan that guides our incident response process. Upon the occurrence of a cybersecurity event, the cyber incident response team will follow a predefined process, documenting each step taken, to analyze and validate the event, and, if a cybersecurity incident is suspected to have occurred, quickly perform an initial analysis to determine the incident’s scope. The team will prioritize the response to each incident based on its estimate of the business impact caused by the incident and the estimated efforts required to recover from the incident. Notification of the incident is made to various stakeholders, including senior management and, if appropriate based upon the incident severity assessment, our Board. The team will also conduct incident containment, eradication and recovery, and post incident activity.
Cybersecurity Risk Management Third Party Engaged [Flag] true
Cybersecurity Risk Third Party Oversight and Identification Processes [Flag] true
Cybersecurity Risk Materially Affected or Reasonably Likely to Materially Affect Registrant [Flag] false
Cybersecurity Risk Board of Directors Oversight [Text Block]
Board Oversight of Cybersecurity Matters
Oversight of information security matters is conducted by our full Board of Directors. The Board annually receives a comprehensive presentation on information security and controls from our Chief Information Officer (CIO) and, as may be necessary for specific topics, follow up occurs at additional meetings during the course of the year.
Cybersecurity Risk Board Committee or Subcommittee Responsible for Oversight [Text Block]
Our corporate information security organization, led by our Chief Information Security Officer (CISO), who reports to our CIO, is responsible for our overall information security strategy, policy, security engineering, operations and cyber threat detection and response.
Cybersecurity Risk Process for Informing Board Committee or Subcommittee Responsible for Oversight [Text Block]
Cybersecurity related risks have been identified as material business risks, and identifying, assessing and managing these risks is integrated into our Enterprise Risk Management (ERM) process, which is designed to identify, assess and guide in managing material risks throughout Textron at both the business segment and enterprise levels. We maintain cyber risk/network protection mitigation plans through our ERM process to assist in management of these risks. Our full Board oversees our ERM process through discussions at our Board of Directors’ Annual Strategic Business and Risk Review and at an annual dedicated ERM Review. In addition, high risk areas, including cybersecurity matters, are reviewed and discussed with the full Board or other Board Committees, as appropriate. The Audit Committee, as reflected in its charter, has been designated to assist the Board in its oversight of our ERM process, including with respect to cybersecurity risk.
We maintain a detailed Cybersecurity Incident Response Plan that guides our incident response process. Upon the occurrence of a cybersecurity event, the cyber incident response team will follow a predefined process, documenting each step taken, to analyze and validate the event, and, if a cybersecurity incident is suspected to have occurred, quickly perform an initial analysis to determine the incident’s scope. The team will prioritize the response to each incident based on its estimate of the business impact caused by the incident and the estimated efforts required to recover from the incident. Notification of the incident is made to various stakeholders, including senior management and, if appropriate based upon the incident severity assessment, our Board. The team will also conduct incident containment, eradication and recovery, and post incident activity.
Cybersecurity Risk Role of Management [Text Block]
Management of Cybersecurity Risks
Textron Information Services is led by our CIO who has held positions of increasing responsibility within our corporate, Bell and Textron Systems IT organizations since 2008, including leading the IT organizations at both segments in maintaining compliance with the DoD information security requirements, as well as with our enterprise information security policies and standards. He previously led strategic IT projects and teams responsible for delivering global IT solutions for several large U.S. based companies.
Our corporate information security organization, led by our Chief Information Security Officer (CISO), who reports to our CIO, is responsible for our overall information security strategy, policy, security engineering, operations and cyber threat detection and response. Our CISO has more than 20 years of experience in the field of information security and holds multiple cybersecurity certifications including the designation of Certified Information Systems Security Professional.
Cybersecurity Risk Management Positions or Committees Responsible [Flag] true
Cybersecurity Risk Management Positions or Committees Responsible [Text Block]
Our corporate information security organization, led by our Chief Information Security Officer (CISO), who reports to our CIO, is responsible for our overall information security strategy, policy, security engineering, operations and cyber threat detection and response.
Cybersecurity Risk Management Expertise of Management Responsible [Text Block]
Our CISO has more than 20 years of experience in the field of information security and holds multiple cybersecurity certifications including the designation of Certified Information Systems Security Professional.
Cybersecurity Risk Process for Informing Management or Committees Responsible [Text Block]
Cybersecurity related risks have been identified as material business risks, and identifying, assessing and managing these risks is integrated into our Enterprise Risk Management (ERM) process, which is designed to identify, assess and guide in managing material risks throughout Textron at both the business segment and enterprise levels. We maintain cyber risk/network protection mitigation plans through our ERM process to assist in management of these risks. Our full Board oversees our ERM process through discussions at our Board of Directors’ Annual Strategic Business and Risk Review and at an annual dedicated ERM Review. In addition, high risk areas, including cybersecurity matters, are reviewed and discussed with the full Board or other Board Committees, as appropriate. The Audit Committee, as reflected in its charter, has been designated to assist the Board in its oversight of our ERM process, including with respect to cybersecurity risk.
We maintain a detailed Cybersecurity Incident Response Plan that guides our incident response process. Upon the occurrence of a cybersecurity event, the cyber incident response team will follow a predefined process, documenting each step taken, to analyze and validate the event, and, if a cybersecurity incident is suspected to have occurred, quickly perform an initial analysis to determine the incident’s scope. The team will prioritize the response to each incident based on its estimate of the business impact caused by the incident and the estimated efforts required to recover from the incident. Notification of the incident is made to various stakeholders, including senior management and, if appropriate based upon the incident severity assessment, our Board. The team will also conduct incident containment, eradication and recovery, and post incident activity.
Cybersecurity Risk Management Positions or Committees Responsible Report to Board [Flag] true