This wizard will guide you through Ginnie Mae's registration process.
General Users
The Rules of Behavior (RoB) for general users apply to all Ginnie Mae personnel (employees, contractors, interns, etc.) and any other individuals who are granted access to Ginnie Mae information resources and IT systems. Users of Ginnie Mae information, IT resources and information systems must read, acknowledge, and adhere to the following rules prior to accessing data and using Ginnie Mae information and IT resources.
Ginnie Mae Information and IT Resources
When using and accessing Ginnie Mae information and IT resources, I understand that I must:
(1) Comply with federal laws, regulations, HUD and Ginnie Mae policies, standards, and procedures and that I must not violate, direct, or encourage others to violate Ginnie Mae policies, standards, or procedures.
(2) Not allow unauthorized use and access to Ginnie Mae information and IT resources.
(3) Not circumvent or bypass security safeguards, policies, system configurations, or access control measures.
(4) I shall only access Ginnie Mae Information and information resources that I am required to access to perform my official government duties, and I will not attempt to access systems and information that I am not authorized to access.
(5) I understand that I shall be held accountable for my actions while accessing and using Ginne Mae Information or information resources.
(6) I shall behave in an ethical, informed, and trustworthy manner.
(7) I shall follow established procedures for requesting access to Ginnie Mae information resources and for notifying appropriate parties when access is no longer needed.
Expectation of Privacy
When using and accessing Ginnie Mae information and IT resources, I understand that I have no expectation of Privacy. I acknowledge the following:
There is no expectation of privacy when using Ginnie Mae information resources, systems and I consent to be monitored, recorded, and audited at any time.
My use of any Ginnie Mae information system is with the understanding that communications are not private or anonymous and may be subject to disclosure under the Freedom of Information Act (FOIA), 5 U.S.C. § 552 or other applicable legal authority.
My electronic data communications and online activity may be monitored and disclosed to external law enforcement agencies or Department personnel when related to the performance of their duties at any time. For example, after obtaining management approval, Ginnie Mae authorized technical staff may employ monitoring tools in order to maximize the utilization of Ginnie Mae resources.
Password Requirements
When creating and managing my password, I understand that I must comply with the following baseline requirements:
(1) Comply with all Ginnie Mae directed methods of system or application authentication requirements.
 • Protect my password, PIN or token at all times. It will not be shared or mishandled in any way that could inadvertently or intentionally allow others to access Ginnie Mae systems using my credentials.
(2) For Ginnie Mae systems or applications that allow passwords for a means of authentication:
 • Protect my password, PIN or token at all times. It will not be shared or mishandled in any way that could inadvertently or intentionally allow others to access Ginnie Mae systems using my credentials.
 • Dictionary words or common names, such as Stanley, Harry, Randy;
 • Portions of associated account names, for example, user ID, login name;
 • Consecutive character strings, such as abcdef, 123456;
 • Simple keyboard patterns, such as asdfgh, qwerty;
 • Generic passwords, such as a password consisting of a variation of the word “password” (e.g., P@ssword1).
Internet and Email
When accessing and using the internet and email, I understand that I must:
(1) Not connect personal devices to Ginnie Mae systems without proper official authorization.
(2) Download any software or applications without proper official authorization.
(3) Limit web browsing to websites for the purpose of official business and duties.
(4) Not use or share my official email address to access or create accounts on personal websites, subscriptions, services or social media platforms.
Data Protection
When handling, accessing, storing and/or transmitting Ginnie Mae data, I understand that I must:
(1) Take all necessary precautions to protect Ginnie Mae information and IT assets, including but not limited to hardware, software, sensitive information, including but not limited to PII, PHI, federal records, and other Ginnie Mae information from unauthorized access, use, modification, destruction, theft, disclosure, loss, damage, or abuse, and in accordance with Ginnie Mae Policy #4060.02.2001, Data Privacy Policy.
(2) Protect sensitive information (e.g., sensitive information, such as confidential business information, PII, PHI, financial records, proprietary data, etc.) at rest (stored on laptops or other computing devices) regardless of media or format, from disclosure to unauthorized persons or groups. This includes, but is not limited to:
 (a) Never store sensitive information in public folders, unauthorized devices/services or other unsecure physical or electronic locations
 (b) Always encrypt sensitive information at rest and in transit (transmitted via email, attachment, media, etc.)
 (c) Always disseminate passwords and encryption keys out of band (e.g., via text message, in person, or phone call) or store password and encryption keys separately from encrypted files, devices and data when sending encrypted emails or transporting encrypted media
 (d) Access or use sensitive information only when necessary to perform job functions, and do not access or use sensitive information for anything other than authorized purposes.
 (e) Securely dispose of electronic media and papers that contain sensitive data when no longer needed, in accordance with the Ginnie Mae Policy for Records Management and HUD or federal guidelines.
(3) Immediately report all suspected and known security incidents (e.g., GFE loss or compromise, violation of security policies, etc.), privacy breaches (e.g., loss, compromise, or unauthorized access, or use of PII/PHI), and suspicious activities.
(4) I shall immediately report the loss or theft of any Ginnie Mae Information Technology resources to your respective corporate security group supporting Ginnie Mae.
Privacy
I understand that if I am working with PII, I must:
(1) Protect PII* from inappropriate disclosure, loss, or compromise.
(2) Only collect, use, maintain, and disclose PII that is directly relevant and necessary to accomplish a legally authorized purpose.
(3) Disclose PII only to those who need to know the information to execute their work and are authorized to receive it.
Telework and GFE
When teleworking, I understand that I must:
(1) Telework only when approved by management and conduct myself with the same professionalism remotely as required in the workplace.
(2) Safeguard any GFE provided for telework.
(3) Safeguard Ginnie Mae information, equipment, including GFE. Protecting Ginnie Mae information including PII and any sensitive information is just as important at a telework location as it is in a Ginnie Mae building.
 * Personally identifiable information (PII) is information that can be used to distinguish or trace an individual’s identity, either alone or when combined with other information that is linked or linkable to a specific individual. Refer to the Ginnie Mae Data Privacy Policy #4060.02.2001 for definitions and special handling requirements.
Strictly Prohibited Activities
When using Ginnie Mae systems and equipment, I must refrain from the following activities, which are strictly prohibited:
(1) Accessing any social media websites (such as TikTok, YouTube, Twitter, Facebook, etc.) while utilizing GFE, unless required for official Ginnie Mae business.
(2)Accessing, downloading, or clicking on unknown links.
(3) Opening attachments sent via email or text message. Accessing web links from untrusted sources and verify information from trusted sources before clicking attachments.
(4) I must report suspected phishing attempts using the Report Phishing button or forward suspicious emails as an attachment to Phishing@hud.gov
I have read the above Rules of Behavior for General Users and understand and agree to comply with the provisions stated herein. I understand that violations of these RoB or Ginnie Mae information security policies and standards may result in loss of access and privileges and/or disciplinary action.
I understand that my refusal to sign Ginnie Mae’s RoB may have an adverse impact on my relationship with Ginnie Mae and result in denied access to Ginnie Mae Information and information resources.
I understand that exceptions to these RoB must be authorized in advance in writing by the designated authorizing officials. I also understand that violation of federal laws, such as the Privacy Act of 1974, copyright law, and 18 USC 2071, which the Ginnie Mae RoB is drawn upon, are subject to investigation and could lead to administrative action or sanctions.
Please review the Ginnie Mae Privacy Policy.
By selecting Yes I agree to the Ginnie Mae Data Privacy Policy, and the Website Privacy Policy.
This link will open a new tab in your browser. You must navigate to the new tab, read the policy and then return to this page to continue.
Ginnie Mae Privacy Policy
Ginnie Mae Data Privacy Policy
Please enter the 9-digit number on the back of your Ginnie Mae issued RSA SecurID hard token.
Please enter the 9-digit number on the back of your Ginnie Mae issued RSA SecurID hard token.