Technical Bulletin: #6r-v4 Procedures for Electronically Transmitting ACF-801 Data Files – January 2014
Revised January 2014
- Technical Assistance
- ACF-801, States/Territories
- Technical Bulletins
- Current Guidance
The purpose of this bulletin is to provide States and Territories instructions for establishing the procedures necessary to electronically transmit the CCDF ACF-801 data file that contains the monthly case-level reports. The data files are transmitted directly to the National Institutes of Health (NIH) mainframe, and then transferred to the Administration for Children and Families (ACF) Office of Child Care Information System (OCCIS). The Office of Child Care (OCC) approves three alternative methods of electronic transmission:
- CyberFusion Software
- Secure File Transfer Protocol (SFTP)
- CONNECT: Direct Software (C:D)
Regardless of which method a lead agency chooses to use, a direct connection to NIH must be established.
Each of these methods complies with Federal Information Security Management Act (FISMA) standards. FISMA defines a framework for managing information security that must be followed for all information systems used or operated by a U.S. Federal government agency or by a contractor or other organization on behalf of a Federal agency. This framework is further defined by the standards and guidelines developed by the National Institute of Standards and Technology (NIST) as Federal Information Processing Standards (FIPS) publications and the NIST Special Publications SP-800-series. FIPS Publication 140-2 provides computer security and encryption standards. Additional information may be found on the Computer Security Division website at NIST: http://csrc.nist.gov/
Comprehensive instructions for establishing and using the three ACF-801 data transmission methods are detailed in Section II of this Bulletin. The final section provides contact information for obtaining additional assistance. Required certification and registration forms for CyberFusion, CONNECT:Direct, and Secure FTP are included in the Appendix.
II. Transmission Instructions
CCDF grantees need to be aware of the following as they decide which method to use:
CyberFusion is a secure file transfer software that allows secure integration of data across different computing systems.
One agency in each State has been provided a CyberFusion license by the Social Security Administration (SSA). Child Care programs will have to coordinate with the agency that holds the CyberFusion license in their State to establish a transmission connection for submitting ACF-801 data files directly to NIH. CyberFusion meets FISMA security requirements.
Secure File Transfer Protocol (SFTP)
When securely transmitting ACF-801 data using Secure FTP, lead agencies must use software that meets FISMA security requirements and is FIPS 140-2 certified with the FIPS mode enabled. This will allow for the encryption of the data and secure transmission of confidential information. A list of Secure FTP software that is FIPS 140-2 certified is available at:
It is the responsibility of each grantee to ensure that the installed version of the Secure FTP software is configured correctly to meet the security requirements. The lead agency must certify that the Secure FTP software utilized and configured by the State meets FISMA FIPS 140-2 security requirements.
The required Certification Form (Appendix) must be completed and returned to the National Center on Child Care Data and Technology (NCDT), and the proposed software must be approved by the Office of Information Systems (OIS) prior to implementing a Secure FTP process. Periodically, OCC will ask each grantee to confirm that the software version they are using has not changed. If the State/Territory wishes to change the SFTP software version that they are using, the new version must be approved prior to making any changes.
States that have their own CONNECT:Direct license may continue to use it to transmit their ACF-801 data files to NIH. Child care programs must coordinate with the agency in their State that has the C:D license to put in place a direct connection to NIH. The ACF’s Office of Information Services (OIS) has confirmed that specific versions of CONNECT:Direct meet FISMA security requirements. Additional details about C:D FISMA compliance can be found on the NIST web site: http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm
Regardless of the method that a grantee uses, there are five steps to follow for ensuring a smooth data transmission process:
- Notify the NCDT which transmission method will be used for future data submission.
- Establish effective internal information flow procedures.
- Establish the Dataset Naming Convention.
- Establish the connection with NIH.
- Perform the Data Transmission Link and Loop Tests.
Once these five steps are completed, and the connection with NIH has been established and tested, the State/Territory may begin submitting actual monthly ACF-801 data files.
1. Notify NCDT
NCDT has been tasked by the OCC to track and support grantee ACF-801 data transmission activities and once a grantee has decided which of the three transmission options it will use, it must contact NCDT to inform them of that choice (see contact information in Section III). Documents that grantees must complete and return before a submission test can be scheduled are included in the Appendix.
2. Establish Internal Information Flow Procedures
Before initiating the transmission set up procedures outlined below, it is essential first to establish effective information flow procedures between the grantee child care data center and the State IT site. Grantees are encouraged to develop a procedure for transmitting the ACF-801 data to the State IT center. This procedure ensures that child care data files are sent to the appropriate individual at the State IT site for on-time transmittal to OCCIS.
Once the data file has been sent to NIH and the data are processed by OCCIS, a Summary Assessment Report (SAR) is generated and sent via e-mail to the designated personnel at the State site. The State Administrator should identify those individuals that are to receive the SAR and should provide NCDT the e-mail addresses of these individuals.
The SAR that is sent to States via e-mail after data have been submitted, received, and processed by OCCIS, serves as an important tool for assessing the quality of the data. The latest version of Technical Bulletin # 9: Using the ACF-801 Data Assessment Reports (online at time of this revision at: http://www.acf.hhs.gov/programs/occ/resource/tb09) provides guidance on the interpretation and application of these reports.
Established information flow procedures will help grantees move forward more easily to implement their chosen data transmission method.
3. Establish the Dataset Naming Convention
You must use the following dataset naming convention for the file being transmitted to OCCIS. If you do not follow this exact naming convention, OCCIS will not be able to process your ACF-801 data file:
where xx is the two-letter postal code abbreviation for your State, and yyyy, mmdd and hhmm respectively, are the four-digit year, the two-digit month and day, and the military time (based on a 24-hour clock) of the transmission.
For example, if you are submitting a data file for Alabama’s ACF-801 data on July 15, 2012 at 1:15 pm then the dataset name should be:
4. Establish the Connection with NIH
The State Network Systems Administrators will need to work with OIS/NIH personnel to establish a connection to NIH. NCDT will help facilitate this process by providing technical information and OIS/NIH contact information.
5. Perform the Data Transmission Link and Loop Tests
You must perform two separate tests on your data transmission process before you can transmit the first actual data.
Test data file transmission connection: The first test verifies that there is a file transmission connection between the State and NIH. This test involves transmitting the test data file from your State site to NIH. Successful completion of this test confirms that your site connects and transmits the file.
NOTE: Use the following dataset name for the test data file:
Notice that there is a "T" instead of a "Y" that indicates the year. The “T” indicates that this is a data file to test the connection between the State's data transmission site and NIH and should not be processed.
Test data file transmission loop: The second test is called a “loop test” because it checks that all aspects of the data transmission connection between sites are working properly. Inform NCDT when you are ready to perform the loop test. Once the date is established, start the test by extracting and creating the ACF-801 data file and then transmit it to your State data center site. That site, in turn, transmits the data file to OCCIS using the naming convention described in Step 3 above.
NOTE: When you begin the loop test, be sure to enter “111111” in the report period data element for the monthly summary record field. Using this entry tells the system that you are transmitting test data that should not be saved.
III. Resources for Assistance
The National Center for Child Care Data and Technology (NCDT) is your primary initial point of contact as you move forward to initiate or change the transmission of the ACF-801 report. NCDT staff will provide basic information and refer you to other resources as needed. In addition, if you have general questions, contact NCDT:
Toll free: 1-877-249-9117
E-mail at: firstname.lastname@example.org
Technical Assistance Specialists are available Monday-Friday from 9:00 am to 5:00 pm prevailing Eastern Time.
Required CCDF Data Transmission Forms
INSTRUCTIONS FOR COMPLETING THE ACF-801 STATE REGISTRATION FORM FOR FILE TRANSMISSION USING CYBERFUSION
- Date: Date the form is completed and sent.
- State: Name of the State requesting connection to NIH via CyberFusion.
- State CCDF Program Contact: The State person that is the primary data contact.
- State System Contact: The State person responsible for maintaining/setting up CyberFusion identifiers. (This person will be contacted if there is a connection problem such as an incorrect IP address.)
- State Network Contact: The State person responsible for maintaining/updating network connections. (This person will be contacted if there is a network problem.)
- Platform: Indicate the type of platform where CyberFusion is hosted.
- State IP address: State IP address used for establishing connection via CyberFusion.
- State PORT #: State PORT number.
- State Compression (optional): Identify compression if used by the State.
- Encryption: As configured by NIH – HIPAA encryption. (Default = RJ)
- State ID and Password: Check Yes or No if a State requires an ID/Password. If Yes, the System Contact Person listed above will be contacted to obtain this information.
The form must be signed by the ACF-801 primary State contact. Once the form is completed and signed, email it to: email@example.com or fax it to (301) 816-8640, Attention NCDT
ACF-801 STATE REGISTRATION FORM FOR CYBERFUSION
Items 1-3 are to be completed by the State CCDF Program contact for ACF-801. Additional information may be required at the time the file transmission test is done with your State.
1. DATE: _____/_____/_______
2. STATE: _____________________
3. STATE CCDF PROGRAM CONTACT: _________________________________________________ TELEPHONE: ______________________ Email: ____________________________________________
Items 4-11 are to be completed by a system contact.
4. STATE SYSTEM CONTACT: _________________________________________________________
TELEPHONE: ____________________ Email ______________________________________________
5. STATE NETWORK CONTACT: _______________________________________________________
TELEPHONE: _______________________ Email ____________________________________________
6. CYBERFUSION PLATFORM (circle one or write in): MVS or UNIX ________________________
7. IP ADDRESS: ___________________________________
8. PORT #: ________________________________________
9. COMPRESSION (optional): ________________________
10. ENCRYPTION: NIH has configured HIPAA encryption. (Default = RJ)
11. Does your State require ID Password: Yes_____ No ______
SIGNATURE: State CCDF Program Contact ________________________________________________
PLEASE EMAIL (NCDT@CHILDCAREDATA.ORG) OR FAX (301-816-8640) SIGNED FORM
FOR ACF USE ONLY: CONTACT ________________________ REC’D DATE ___________
INSTRUCTIONS FOR COMPLETING THE ACF-801 STATE REGISTRATION FORM
FOR FILE TRANSMISSION USING CONNECT:Direct
Items 1-4 to be filled out by State contact for ACF-801 data (See #3 below):
1. Date: Date the form is prepared.
2. State: Name of the State requesting C:D connection to NIH.
3. State Contact, phone number, and e-mail: Primary State Child Care person who has program/policy responsibility for creating and submitting ACF-801 data. (This person will be contacted if there is a problem with the format and contents of the data.)
4. State Application Contact, phone number and e-mail: State person who is responsible for creating C:D process and electronically submitting the data file from State C:D site to TITAN. (This person will be contacted if there is a problem with the file transmission.)
Items 5-10 to be filled out by CONNECT:Direct contact:
5. State C:D Contact, phone number and e-mail: State person responsible for maintaining/setting up C:D software. (This person will be contacted if there is a C:D problem such as an incorrect Node id.)
6. State C:D Node ID: State's CONNECT:Direct Node ID.
7. Platform: Place an "X" for the appropriate platform where C:D is running
8. State IP Address: State IP address used for establishing connection via CONNECT:Direct
9. State Network C:D Contact, phone number and e-mail: State person responsible for maintaining/updating C:D network definitions. (This person will be contacted if there is a network problem.)
10. State point of entry security (requires ID/Password)?: Check Yes or No if point of entry security is set-up at the State’s network system. If Yes, then call NCDT for instructions on how to provide your ID and Password.
NOTE for ACF-801 data file transmission using CONNECT:Direct:
The State MUST ensure that encryption is enabled while transferring ACF-801 data files.
ACF-801 STATE REGISTRATION FORM FOR CONNECT:DIRECT
Items 1-4 to be filled out by State contact for ACF-801 data (See #3 below):
1. DATE: _____/_____/_______
2. STATE: ____________________________
3. STATE CONTACT: ___________________________________ TELEPHONE NUMBER ( ) _________
4. STATE APPLICATION CONTACT: _______________________ TELEPHONE NUMBER ( ) _________
Items 5-10 to be filled out by a CONNECT:Direct contact:
5. STATE C:D CONTACT: _____________________ TELEPHONE: ( ) _____ -_________
6. STATE C:D NODE ID ______________________ 7. PLATFORM: MVS UNIX
8. STATE IP Address: ____________________________________________________________
9. STATE NETWORK C:D CONTACT: ____________________ TELEPHONE: ( ) _____ -_________
10. STATE POINT OF ENTRY SECURITY (requires ID / Password)?: YES _____ NO ____
PLEASE EMAIL (NCDT@CHILDCAREDATA.ORG) OR FAX (301-816-8640) COMPLETED FORM
FOR ACF USE ONLY:
REC’D DATE ___________
ACF-801 STATE CERTIFICATION FORM FOR FILE TRANSMISSION USING SECURE FILE TRANSFER PROTOCOL (SFTP)
When securely transmitting ACF-801 data via Secure FTP, lead agencies must certify that they are using software that meets FISMA security requirements and is FIPS 140-2 certified with the FIPS mode enabled. This will allow for the encryption of the data and secure transmission of confidential information. A list of Secure FTP software that is FIPS 140-2 certified is available at:
Complete and return this certification form to the Office of Child Care, in care of the National Center on Child Care Data and Technology (NCDT):
2600 Tower Oaks Boulevard, Suite 600
Rockville, MD 20852
Secure FTP Transmission Security Certification
(STATE/TERRITORY NAME) ____________________________ has elected to use the following Secure FTP software ___________________________________ to transmit the required monthly ACF-801 data files to the NIH computer center, Office of Child Care Information System (OCCIS). We certify that the Secure FTP software we are using is configured correctly to meet FISMA FIPS 140-2 security requirements and has the FIPS mode enabled.
ADMINISTRATOR NAME (Please print): ____________________________________________________________________
ADMINISTRATOR ADDRESS: ____________________________________________________________________________
SFTP CONTACT NAME (Individual who manages the SFTP access/transmission process): ____________________________
SFTP CONTACT PHONE: _______________________________________________________________________________
SFTP CONTACT E-MAIL: _______________________________________________________________________________
ADMINISTRATOR SIGNATURE: __________________________________________________________________________
NOTE: If you need additional information please contact NCDT at 1-877-249-9117