Case Study: Fannie Mae achieves continuous third-party cybersecurity monitoring with BitSight

A BitSight Case Study

Preview of the Fannie Mae Case Study

How Fannie Mae uses BitSight to monitor the security of their vendors

Fannie Mae, the leading source of U.S. residential mortgage credit, faced the common challenge of managing cyber risk from hundreds of third‑party vendors and suppliers—a gap made worse by traditional point‑in‑time, checklist assessments. Deputy CISO Christopher Porter selected BitSight’s security ratings and continuous external monitoring service to add an “outside‑in” perspective to Fannie Mae’s existing inside‑out due‑diligence process and to provide ongoing visibility into vendor security posture.

BitSight populated Fannie Mae’s vendor portfolio with security scores and provided weekly alerts for score deviations (5%+), vendor self‑remediation access, and folder grouping for executive reporting, all without adding headcount. Fannie Mae initially onboarded about 400–500 vendors (ramping to 1,000–2,000) and used BitSight to trigger vendor conversations and remediation. It also measured concrete improvements by tracking rises in its own score (e.g., 30–40 points after changes), demonstrating faster detection, better vendor accountability, and stronger continuous monitoring using BitSight.



Fannie Mae

Christopher Porter

Deputy Chief Information Security Officer


BitSight
