Ginnie Mae has implemented Cybersecurity Incident reporting requirements as part of its continued commitment to the security and integrity of all operational systems and critical technology infrastructure related to the issuance and servicing of Ginnie Mae Mortgage-Backed Securities (MBS).
Details were provided in All Participants Memorandum (APM) 24-02,
- Effective immediately, Issuers must notify Ginnie Mae of a cyber security incident within 48 hours of detection.
What they’re saying: “These Cybersecurity Incident Reporting requirements are an important part of managing cyber risk that could impact our program,” said Ginnie Mae President Alanna McCargo (pictured).
- “Prompt and clear communication is critical to managing cybersecurity events as they unfold. This new requirement is an important step in further enhancing our cybersecurity framework to meet current and future needs.”