bannerimage
Newsroom
 
Search
Share To Twitter Share To LinkedIn Share To Twitter Share
* To
* From
Message
URL
https://www.ginniemae.gov/newsroom/Pages/PressReleaseDispPage.aspx?ParamID=314
Print Friendly
​​​​​​

‭(Hidden)‬ Ginnie Mae Breadcrumb

Press Release​s​

Ginnie Mae Adopts Cybersecurity Incident Notification Requirement
Contact: GinnieMaeCommunications@HUD.gov
Published Date: 3/4/2024 12:20 PM

WASHINGTON, D.C. – Today, in All Participants Memorandum (APM) 24-02, Ginnie Mae announced the implementation of new Cybersecurity Incident reporting requirements. These requirements are part of Ginnie Mae’s continued commitment to the security and integrity of all operational systems and critical technology infrastructure related to the issuance and servicing of Ginnie Mae Mortgage-Backed Securities (MBS).

Effective immediately, Issuers must notify Ginnie Mae of a cyber security incident within 48 hours of detection. A Cybersecurity Incident is any unauthorized access to, or use, disclosure, alteration, transfer, or destruction of, confidential information or non-public personal information (NPI) that may impact the Issuer’s ability to meet its obligations under the terms of the Guaranty Agreement. Issuers who subservice for others are required to notify Ginnie Mae whether the incident occurred to their own portfolio, and/or one or more subserviced portfolios.

Once the notification is received, representatives from Ginnie Mae will contact the designated point of contact to obtain additional information and establish the level of engagement needed depending on the scope and nature of the incident.

“These Cybersecurity Incident Reporting requirements are an important part of managing cyber risk that could impact our program,” said Ginnie Mae President Alanna McCargo. “Prompt and clear communication is critical to managing cybersecurity events as they unfold. This new requirement is an important step in further enhancing our cybersecurity framework to meet current and future needs.”

Ginnie Mae’s new Cybersecurity Incident APM is part of its holistic approach to augmenting its cybersecurity protocols, with the intent of further refining its organization-wide information security, business continuity and reporting requirements.

For more information and resources regarding the new Cybersecurity Incident notification requirements, please refer to APM 24-02​.

If you have any questions about the policy announced in this APM, please contact your Account Executive directly.

Additional information about Ginnie Mae is available at www.ginniemae.gov and on X (formerly known as Twitter), YouTube, Facebook, and LinkedIn.

About Ginnie Mae

Ginnie Mae is a wholly owned government corporation that attracts global capital into the housing finance system to support homeownership for veterans and millions of homeowners throughout the country. Ginnie Mae MBS programs directly support housing finance programs administered by the Federal Housing Administration, the Department of Veterans Affairs, the Department of Housing and Urban Development’s Office of Public and Indian Housing and the Department of Agriculture Rural Housing Service. Ginnie Mae is the only MBS to carry the explicit full faith and credit of the United States government.