EDUCATIONAL WORKBOOK

Freddie Mac Information Security Requirements Workbook

This workbook is designed to help you on your journey towards compliance with Freddie Mac's information security requirements, effective July 3, 2023.

In this document, you will find:

Some history and helpful information about Freddie Mac and their requirements.
The full Freddie Mac Information Security Requirements wording.
A summary checklist, with some friendlier terms.
A listing of related resources from the FFIEC and NIST.
A Tandem Mapping to highlight places in Tandem that you can use to help you comply.
And some related fun facts and trivia from Tandem’s recent Cybersecurity Survey, as well as our Cybersecurity Assessment Tool Peer Analysis.

Download (.PDF)

WEBINAR RECORDING

Maintaining Compliance with Freddie Mac's New Information Security Requirements

Click here to download the PDF version of the slide deck.

Additional resources

An Overview of Freddie Mac's Updated Information Security Requirements (tandem.app)
Single-Family/ Servicer Guide (mf.freddiemac.com)
Fannie Mae Single Family Selling Guide (singlefamily.fanniemae.com)
Bulletin 2023-6 - Updated Information Security Requirements (guide.freddiemac.com)
Free Policy Template: Mobile Device Management (MDM) Policy (tandem.app)
How to Create an Effective Incident Management Plan (tandem.app)
Ransomware Incident Response Playbook (tandem.app)
Third-Party Incident Response Playbook (tandem.app)
Architecture, Infrastructure, & Operations Booklet Section VII. A Cloud Computing (ithandbook.ffiec.gov)
Information Security and Privacy Updates Side-By-Side Comparison (sf.freddiemac.com)

Tandem Products

Tandem is an information security and compliance software-as-a service created to help financial institutions improve information security, stay in compliance, and lower overhead costs. Tandem helps you maintain compliance with information security requirements from Freddie Mac, Fannie Mae, and other federal agencies while ensuring successful operations.

Audit Management

Conduct and respond to audits through a unique framework designed to help you manage, track, and report on the results.

Learn More

Business Continuity Planning

Define and outline plans and procedures to effectively manage operations before, during, and after a disaster.

Learn More

Compliance Management

Identify, schedule, and track important compliance projects and deadlines, such as reporting, audits, training, and operations.

Learn More

Cybersecurity

Complete and report on the FFIEC Cybersecurity Assessment Tool using a streamlined framework. Report your growth plan and peer comparison data to management.

Learn More

Identity Theft Prevention

Create your Identity Theft Prevention Program document, along with customizable employee training for Identity Theft Red Flags.

Learn More

Incident Management

Prepare for security incidents by developing an incident response plan. When incidents do occur, track and document them throughout your incident handling process.

Learn More

Internet Banking Security

Create risk assessments for different types of customer e-banking accounts. Offer education with expert-designed security awareness materials.

Learn More

Phishing

Test and train your employees to recognize and avoid social engineering attacks by sending simulated phishing emails.

Learn More

Policies

Create and maintain your enterprise-wide policies in Tandem. Use our Information Security Policies set, tailored for your institution through a multiple-choice questionnaire.

Learn More

Risk Assessment

Perform an information security risk assessment, as well as individual information asset risk assessments with our easy-to-follow format in Tandem.

Learn More

Vendor Management

Manage contracts, documents, risk assessments, and other information related to your third-party relationships.

Learn More