Log in to FDM
Security Questions & Answers
Q: What assurance do filers have that their information can't be intercepted over the Internet? (Communication security)
A: FDM is a secure, web-based application. All communications between the FDM servers and the user's desktop/laptop computers are secure - making it virtually impossible for someone to “snoop” on the communications.

Q: What assurance do filers have that FDM's servers are protected from hackers? (Logical intrusion -- Hacker security)
A: FDM is hosted on a server that has been hardened using current DISA guidance. Ports and services that are not needed have been removed from the operating system. Servers are patched on a regular basis or as updates are provided. Hardware firewalls and Intrusion Detection Systems (IDS) are monitoring and blocking unauthorized connections outside the enclave. The servers use current anti virus software to check for viruses in real time and check all files weekly. Virus definitions are set to automatically download nightly. Logs are checked for unauthorized access or server problems on a routine basis.

Q: What assurance do filers have that FDM's servers are protected from physical intrusion? (Physical security)
A: The servers are located in secured server rooms. The building is guarded IAW local security procedures. There is no access without a government issued building access pass, or without an escort by a person with a building pass. Access is granted to government sponsored individuals only.
Data backups are routinely performed and stored on tapes and/or a server in another Government facility at a different location. Security for those servers and for the server rooms is comparable to the primary server location. All server rooms used are climate controlled with both air conditioning and humidifiers to control heat and static electricity.

Q: Who can access a filer's report? (Information privacy)
A:
• The filer and any assistant the filer approves.
• The filer's SLC and the ethics counselor(s) that support that SLC.
• The filer's supervisor.
• The supervisor's SLC and the ethics counselor(s) that support that SLC.
• The ADAEO and any ethics counselor(s) that support the ADAEO.

Q: Who can create/modify filer data in a report? (Information integrity)
A:
• The filer's assistant can create/modify filer data before the filer submits a report into the review process – once submitted, an assistant can only view the filer's data.
• A filer can create or modify filer data any time before it has been submitted for final ADAEO review – once submitted for that final review, a filer can only view his/her data.
• Reviewers can never create or modify filer data in a report.
• Reviewer's can add comments to a report. Further, comments entered by a reviewer cannot be modified or deleted by another reviewer.

Q: What happens in the event of a compromise of a Filer's personal financial information?
A: The FDM Program Office will initiate action in accordance with Department of Defense policy, Safeguarding Against and Responding to the Breach of Personally Identifiable Information, https://dpcld.defense.gov/Portals/49/Documents/Privacy/PII_Memo_Safeguard.pdf (5 Jun 2009).

Q: What redress is available in the event of a compromise of personal data?
A: The person who suffered the compromise may report the matter to the Army Privacy Office, https://www.rmda.army.mil/privacy/RMDA-PO-Infractions.html, and the FDM Program Office for investigation.