Ginnie Mae Adopts Cybersecurity Notification Requirement

Ginnie Mae Adopts Cybersecurity Notification Requirement

Ginnie Mae has implemented Cybersecurity Incident reporting requirements as part of its continued commitment to the security and integrity of all operational systems and critical technology infrastructure related to the issuance and servicing of Ginnie Mae Mortgage-Backed Securities (MBS).

Details were provided in All Participants Memorandum (APM) 24-02,

  • Effective immediately, Issuers must notify Ginnie Mae of a cyber security incident within 48 hours of detection.

What they’re saying: “These Cybersecurity Incident Reporting requirements are an important part of managing cyber risk that could impact our program,” said Ginnie Mae President Alanna McCargo (pictured).

  • “Prompt and clear communication is critical to managing cybersecurity events as they unfold. This new requirement is an important step in further enhancing our cybersecurity framework to meet current and future needs.”

Published by

Darryl Hicks

Darryl Hicks is Vice President of Communications for the National Reverse Mortgage Lenders Association. In this capacity, Hicks writes for NRMLA's publications, manages the association's web sites and social media accounts, assists committees and the Board of Directors, and manages the Certified Reverse Mortgage Professional designation. Prior to joining NRMLA in 1999, Hicks spent three years in the Washington, D.C. bureau for National Mortgage News.