Technical Bulletin #6r- v5 March 201 6



Similar documents
Technical Bulletin #6r- v4 Reviewed January 201 5

VPN. VPN For BIPAC 741/743GE

Data Exchange Preparation Procedures

How To Establish IPSec VPN connection between Cyberoam and Mikrotik router

Building scalable IPSec infrastructure with MikroTik. IPSec, L2TP/IPSec, OSPF

Secure Data Transfer

Use Shrew Soft VPN Client to connect with IPSec VPN Server on RV130 and RV130W

VPN Configuration Guide. Juniper Networks NetScreen / SSG / ISG Series

Technical Bulletin #2. National Youth in Transition Database (NYTD) Compliance Standards

Chapter 4 Virtual Private Networking

Creating a Gateway to Client VPN between Sidewinder G2 and a Mac OS X Client

Configuring IPsec VPN with a FortiGate and a Cisco ASA

Configuring TheGreenBow VPN Client with a TP-LINK VPN Router

IPsec VPN Application Guide REV:

Configuration Guide. How to establish IPsec VPN Tunnel between D-Link DSR Router and iphone ios. Overview

Compliance and Industry Regulations

Chapter 6 Configuring the SSL VPN Tunnel Client and Port Forwarding

VPN Configuration Guide Netgear FVS338 / FVX538 / FVS124G

Introduction to Security and PIX Firewall

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Sonicwall Firewall.

Setting up VPN Tracker with Nortel VPN Routers

Configuring IPSec VPN Tunnel between NetScreen Remote Client and RN300

Data Exchange Preparation Procedures_006. Document Control Number

Wholesale Partner Technical Guide

Case Study for Layer 3 Authentication and Encryption

Request for Resume (RFR) CATS II Master Contract. Section 1 General Information R00B

How To Industrial Networking

SFTP (Secure Shell FTP using SSH2 protocol)

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SFTP (Secure File Transfer Protocol)

System to System Interface Guide

The BANDIT Products in Virtual Private Networks

How to configure VPN function on TP-LINK Routers

How to configure VPN function on TP-LINK Routers

Appendix A: Configuring Firewalls for a VPN Server Running Windows Server 2003

Obtaining a user account and password: To obtain a user account, please submit the following information to AJRR staff:

IPSec Pass through via Gateway to Gateway VPN Connection

BGC Interface Guide FTP-via-Internet MANUAL FOR YOUR COMPANY November 2008

Configure Backup Server for Cisco Unified Communications Manager

Configuring a Check Point FireWall-1 to SOHO IPSec Tunnel

Global Client Access Managed Communications Solutions. JPMorgan - Global Client Access. Managed Internet Solutions (EC Gateway)

Katana Client to Linksys VPN Gateway

DRAFT Standard Statement Encryption

Network-Enabled Devices, AOS v.5.x.x. Content and Purpose of This Guide...1 User Management...2 Types of user accounts2

Online Banking for Business Secure FTP with SSH (Secure Shell) USER GUIDE

Based on the VoIP Example 1(Basic Configuration and Registration), we will introduce how to dial the VoIP call through an encrypted VPN tunnel.

APNIC elearning: IPSec Basics. Contact: esec03_v1.0

VPN. Date: 4/15/2004 By: Heena Patel

INFORMATION EXCHANGE AGREEMENT BETWEEN THE SOCIAL SECURITY ADMINISTRATION (SSA) AND THE [NAME OF STATE] (STATE)

Internet. SonicWALL IP SEV IP IP IP Network Mask

Virtual Private Networks (VPN) Connectivity and Management Policy

Quick Note 041. Digi TransPort to Digi TransPort VPN Tunnel using OpenSSL certificates.

Configuring a Site-to-Site VPN Tunnel Between Cisco RV320 Gigabit Dual WAN VPN Router and Cisco (1900/2900/3900) Series Integrated Services Router

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Fortinet Firewall. Overview

McAfee Firewall Enterprise 8.2.1

The VPNaaS Plugin for Fuel Documentation

Royal Mail Business Integration Gateway Specification

Ingate Firewall. TheGreenBow IPSec VPN Client Configuration Guide.

Establishing a VPN tunnel to CNet CWR-854 VPN router using WinXP IPSec client

Office of Personnel Management, Federal Employees Health Benefits, Centralized Enrollment Clearinghouse System (CLER) for OPM Version 3.0.

FL EDI SECURE FTP CONNECTIVITY TROUBLESHOOTING GUIDE. SSL/FTP (File Transfer Protocol over Secure Sockets Layer)

Revisions to Publication 199, Intelligent Mail Package Barcode. (IMpb) Implementation Guide for: Confirmation Services and

Connecticut Justice Information System Security Compliance Assessment Form

Understanding the Cisco VPN Client

Connecting to and Setting Up a Network

WS_FTP Professional 12. Security Guide

HIPAA Transaction ANSI X Companion Guide

VPN Tracker for Mac OS X

How Managed File Transfer Addresses HIPAA Requirements for ephi

File transfer clients manual File Delivery Services

VPN Configuration Guide. ZyWALL USG Series / ZyWALL 1050

SUSE Linux Enterprise 12 Security Certifications Common Criteria, EAL, FIPS, PCI DSS,... What's All This About?

This section provides a summary of using network location profiles to identify network connection types. Details include:

TheGreenBow IPsec VPN Client. Configuration Guide Cisco RV325 v1. Website: Contact:

IPsec VPN Security between Aruba Remote Access Points and Mobility Controllers

Common Remote Service Platform (crsp) Security Concept

Secure Shell SSH provides support for secure remote login, secure file transfer, and secure TCP/IP and X11 forwarding. It can automatically encrypt,

TIBCO Managed File Transfer Suite

Shipping Services Files (SSF) Secure File Transmission Account Setup

BizTalk Server Adapters

OFFICIAL SECURITY CHARACTERISTIC MOBILE DEVICE MANAGEMENT

Department of the Interior Privacy Impact Assessment

Configuration Guide. How to set up the IPSec site-to-site Tunnel between the D-Link DSR Router and the Cisco Firewall. Overview

Electronic Data Interchange (EDI) 5010 Clearinghouse Services Guide

Release Notes. NCP Secure Entry Mac Client. 1. New Features and Enhancements. 2. Improvements / Problems Resolved. 3. Known Issues

VPN Configuration Guide Linksys RV042/RV082

Application Notes. How to Configure UTM with Apple OSX and ios Devices for IPsec VPN

Nuclear Regulatory Commission Computer Security Office Computer Security Standard

Chapter 8 Virtual Private Networking

Remote Connectivity for mysap.com Solutions over the Internet Technical Specification

Deploying PGP Encryption and Compression for z/os Batch Data Protection to (FIPS-140) Compliance

Transcription:

Child Care and Development Fund Procedures for Electronically Transmitting ACF-801 Data Files Technical Bulletin #6r- v5 March 201 6 I. INTRODUCTION The purpose of this bulletin is to provide States and Territories instructions for establishing the procedures necessary to electronically transmit the CCDF ACF-801 data file that contains the monthly case-level reports. The data files are transmitted directly to the National Institutes of Health (NIH) mainframe, and then transferred to the Administration for Children and Families (ACF) Office of Child Care Information System (OCCIS). In 2015, several changes were introduced into the electronic transmission process, including the discontinuation of support for the use of CONNECT:Direct software. The Office of Child Care (OCC) currently approves two methods of electronic transmission: TIBCO (CyberFusion) Managed File Transfer (MFT) Software, and Secure File Transfer Protocol (SFTP) software. Each State/Territory grantee can be provided a license to use the TIBCO MFT software if they do not already have it. Regardless of which method a lead agency chooses to use, a direct connection to NIH must be established. Each of these methods complies with Federal Information Security Management Act (FISMA) standards. FISMA defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. Federal government agency or by a contractor or other organization on behalf of a Federal agency. This framework is further defined by the standards and guidelines developed by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standards (FIPS) publications and the NIST Special Publications SP-800-series. FIPS Publication 140-2 provides computer security and encryption standards. Additional information may be found on the Computer Security Division website at NIST: http://csrc.nist.gov/. Comprehensive instructions for establishing and using the two ACF-801 data transmission methods are detailed in Section II of this Bulletin. The final section provides contact information for obtaining additional assistance. Required certification and registration forms for TIBCO MFT and Secure FTP are included in the Appendix, along with a request form for the MFT software. 1

II. TRANSMISSION INSTRUCTIONS CCDF grantees need to be aware of the following as they decide which method to use: TIBCO Managed File Transfer (MFT) formerly known as CyberFusion Managed File Transfer is a secure file transfer software that allows integration of data across different computing systems. ACF has purchased licenses for TIBCO MFT for each State/Territory. ACF s licenses allow grantees to transmit their data files for ACF program office systems (Child Care, AFCARS, NYTD, and TANF) to the National Institutes of Health (NIH) data center. If moving to MFT to transmit files, Child Care programs may have to coordinate with the agency that holds the MFT software in their State to establish a transmission connection for submitting ACF-801 data files directly to NIH. CCDF grantees also may choose to operate independently, set up their own child care specific connection to the NIH server, and transmit their required data files directly. Secure File Transfer Protocol (SFTP) When securely transmitting ACF-801 data using Secure FTP, lead agencies must use software that meets FISMA security requirements and is FIPS 140-2 certified with the FIPS mode enabled. This will allow for the encryption of the data and secure transmission of confidential information. A list of Secure FTP software that is FIPS 140-2 certified is available at: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401vend.htm. It is the responsibility of each grantee to ensure that the installed version of the Secure FTP software is configured correctly to meet the security requirements. The lead agency must certify that the Secure FTP software utilized and configured by the State meets FISMA FIPS 140-2 security requirements. The required Certification Form (see Appendix) must be completed and returned to the National Center on Child Care Data and Technology (NCDT), and the proposed software must be approved by the Office of Information Systems (OIS) during the process of setting up the Secure FTP connection. Periodically, OCC will ask each grantee to confirm that the software version they are using has not changed. If the State/Territory wishes to change the SFTP software version that they are using, the new version must be approved prior to making any changes. Regardless of the method that a grantee uses, there are five steps to follow for ensuring a smooth data transmission process: 1. Notify the NCDT which transmission method will be used for future data submission. 2. Establish effective internal information flow procedures. 3. Establish the Dataset Naming Convention. 4. Establish the connection with NIH. 5. Perform the Data Transmission Connection and Processing Tests. 2

Once these five steps are completed, and the connection with NIH has been established and tested, the State/Territory may begin submitting actual monthly ACF-801 data files. 1. Notify NCDT NCDT has been tasked by the OCC to track and support grantee ACF-801 data transmission activities and if a grantee decides to change the method of transmission, it must contact NCDT to inform them of that change (see contact information in Section III). Documents that grantees must complete and return before a submission test can be scheduled are included in the Appendix. 2. Establish Internal Information Flow Procedures If a grantee is sharing data submission responsibilities with other programs via a central IT Center, it is essential first to establish effective information flow procedures between the child care program and the IT site. Grantees are encouraged to develop a procedure for transmitting the ACF-801 data to the State/Territory IT center that ensures that child care data files are sent to the appropriate individual at the State/Territory IT site for on-time transmittal to OCCIS. Similar quality and review procedures are required regardless of whether the child care program sends required reports through an IT center or directly. Once the data file has been sent to NIH and the data are processed by OCCIS, a Summary Assessment Report (SAR) is generated and sent via e-mail to the designated personnel at the grantee site. The State Administrator should identify those individuals that are to receive the SAR and should provide NCDT the e-mail addresses of these individuals. The SAR that is sent to grantees via e-mail after data have been submitted, received, and processed by OCCIS, serves as an important tool for assessing the quality of the data. The latest version of Technical Bulletin # 9: Using the ACF-801 Data Assessment Reports (available online at: http://www.acf.hhs.gov/programs/occ/resource/current-technical-bulletins) provides guidance on the interpretation and application of these reports. Established information flow procedures will help grantees move forward more easily to implement their chosen data transmission method. 3. Establish the Dataset Naming Convention You must use the following dataset naming convention for the file being transmitted to OCCIS. If you do not follow this exact naming convention, OCCIS will not be able to process your ACF- 801 data file: VVG1IWI.PCCIS.NDM.xx.HUB.Yyyyy.Dmmdd.Thhmm where xx is the two-letter postal code abbreviation for your State/Territory, and yyyy, mmdd and hhmm respectively, are the four-digit year, the two-digit month and day, and the military time (based on a 24-hour clock) of the transmission. 3

For example, if you are submitting a data file for Alabama s ACF-801 data on July 15, 2016 at 1:15 pm then the dataset name should be: 4. Establish the Connection with NIH VVG1IWI.PCCIS.NDM.AL.HUB.Y2016.D0715.T1315 The State/Territory Network Systems Administrators will need to work with OIS/NIH personnel to establish a connection to NIH. NCDT will help facilitate this process by providing technical information and OIS/NIH contact information. 5. Perform the Data Transmission Connection and Processing Tests You generally must perform two separate tests on your data transmission process before you can begin using the process routinely. Test data file transmission connection (Step 1 of 2): The first test verifies that there is a file transmission connection between the State/Territory and NIH. This test involves transmitting the test data file from your site to NIH. Successful completion of this test confirms that your site connects and transmits the file. NOTE: Use the following dataset name for the test data file: VVG1IWI.PCCIS.NDM.xx.HUB.Tyyyy.Dmmdd.Thhmm Notice that there is a "T" instead of a "Y" that indicates the year. The T indicates that this is a data file to test the connection between the State/Territory's data transmission site and NIH and should not be processed. Submit Production File (Step 2 of 2): Once you have confirmed that the connection is in place, the second test is to submit a production file. Inform NCDT of the name of the file that you are transmitting, and when you have transferred the file. NCDT staff will review the file to be sure that it arrives, that it meets all of the formatting requirements, and that it can be successfully processed in OCCIS. In addition, this also will ensure that the Summary Assessment Report (SAR) is successfully sent back via e-mail to the designated grantee staff. Once both aspects of the testing are successfully completed, you may begin using the new connection for your routine data submissions. 4

III. RESOURCES FOR ASSISTANCE The National Center for Child Care Data and Technology (NCDT) is your primary initial point of contact as you move forward to initiate or change the transmission method of the ACF-801 report. NCDT staff will provide basic information and refer you to other resources as needed. In addition, if you have general questions, contact NCDT: Toll free: 1-877-249-9117, E-mail at: ncdt@childcaredata.org. Technical Assistance Specialists are available Monday-Friday from 9:00 am to 5:00 pm prevailing Eastern Time. 5

APPENDIX Required CCDF Data Transmission Forms Managed File Transfer Registration Form SFTP Certification Form Request for MFT Software

Managed File Transfer Registration Form If NOT using VPN complete items 1-8. If using VPN complete items 1-14. NOTE: It takes about 2 weeks to set up the VPN tunnel. You will be contacted when VPN set up is complete to test connection. 1. State/Territory name or abbreviation 2. Name, Phone, and Email Address of state system technical point of contact 3. Name, Phone, and Email Address of state network technical point of contact 4. Production or Test State System 5. File Transfer Method (TIBCO (MFT), SFTP using PC-based client (PC-SFTP), SFTP using host system utility (SSH- SFTP)) 6. File types transferred with ACF using this file transfer method and this state system & IP address (AFCARS, NYTD, TANF, Child Care) 7. System Type (HPUX, SUN/SOLARIS, AIX, LINUX, WINDOWS, AS/400, OS/390, z/os, Other) 8. State Remote Host IP Address and Subnet Mask VPN STATES 9. State VPN Device Brand [Router, FW] 10. State VPN endpoint IP Address and Subnet Mask 11. Encapsulation AES 256 or AES 128 Name: Phone: Email: Name: Phone: Email: ACF/OIS will contact state poc listed in item 2 and/or 3. ACF/OIS will contact state poc listed in item 2 and/or 3. 12. Hash Code HMAC (MD5, SHA1, SHA2) 13. Transport or Tunnel Mode 14. Agree on a pre-shared key Please return your competed form to the National Center on Data and Technology (NCDT) via email at NCDT@childcaredata.org or via fax at 301-816-8640.

ACF-801 STATE/TERRITORY CERTIFICATION FORM FOR FILE TRANSMISSION USING SECURE FILE TRANSFER PROTOCOL (SFTP) When securely transmitting ACF-801 data via Secure FTP, lead agencies must certify that they are using software that meets FISMA security requirements and is FIPS 140-2 certified with the FIPS mode enabled. This will allow for the encryption of the data and secure transmission of confidential information. A list of Secure FTP software that is FIPS 140-2 certified is available at: http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401vend.htm Complete and return this certification form to the Office of Child Care, in care of the National Center on Child Care Data and Technology (NCDT): Mail: NCDT C/O GDIT 2600 Tower Oaks Boulevard, Suite 600 Rockville, MD 20852 E-mail: ncdt@childcaredata.org Fax: 301-816-8640 Secure FTP Transmission Security Certification (STATE/TERRITORY NAME) has elected to use the following Secure FTP software to transmit the required monthly ACF-801 data files to the NIH computer center, Office of Child Care Information System (OCCIS). We certify that the Secure FTP software we are using is configured correctly to meet FISMA FIPS 140-2 security requirements and has the FIPS mode enabled. ADMINISTRATOR NAME (Please print) ADMINISTRATOR ADDRESS PHONE E-MAIL SFTP CONTACT NAME (Individual who manages the SFTP access/transmission process) SFTP CONTACT PHONE SFTP CONTACT E-MAIL ADMINISTRATOR SIGNATURE DATE: NOTE: If you need additional information please contact NCDT at 1-877-249-9117

State/Territory/Tribe Request Form for Cyberfusion software from ACF ACF has a contract with TIBCO, Cyberfusion vendor, which allows ACF to provide Cyberfusion software to states, territories and tribes for data file transmissions to ACF program offices Federal systems. Currently the following ACF offices use Cyberfusion for file transmissions to their systems: Children s Bureau (CB) - Adoption and Foster Care Analysis and Reporting System (AFCARS), National Youth in Transmission Database (NYTD), Office of Child Care (OCC) - Child Care Information System Office of Family Assistance (OFA) - State and Tribal Temporary Assistance for Needy Families (TANF). ACF Federal program office manager(s) approve the request and provide the signed form to the Office of Information Services (OIS). OIS contacts and coordinates with states, territories and tribes to provide the Cyberfusion software. State/Territory/Tribe Information and System: State/Territory/Tribe name/abbr. and for what system data file transmission(s) (AFCARS, NYTD, OCC, TANF): State/Territory/Tribe IT POC manager and POC who will install/configure software: (name, email) IT Mgr. POC: Email: Install POC: Email: State/Territory/Tribe: Cyberfusion platform: (check one) Unix Linux Windows Mainframe Other: ACF USE ONLY: ACF Program Office Federal manager: Date: Please return your competed form to the National Center on Data and Technology (NCDT) via email at NCDT@childcaredata.org or via fax at 301-816-8640.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information