Enterprise File Transfer (EFT) Setup Instructions

1.0 | INTRODUCTION The purpose of this Questionnaire is to collect the technical details needed to setup the EFT exchange process with the Centers for Medicare & Medicaid Services (CMS).

Please provide as much detail as you can when completing this survey. Return the completed survey within 3 business days to EFT_ADMIN@cms.hhs.gov.

** An incomplete survey may cause a delay in the time it takes to complete this request. **

A selection must be made for each checkbox grouping. All other fields enter the requested information. Not applicable information, please add N/A.

3.0 | CONTACT INFORMATION For technical questions, please contact the EFT group at eft_admin@cms.hhs.gov and a technician will contact you.

For application related questions, please contact your CMS GTL (Government Task Lead) or the CMS EFT GTL at CMS_EFT_GTL@cms.hhs.gov.

4.0 | INFORMATION SECURITY Each application is responsible for enforcing authorization to content and functionality within the application. Access Manager and RACF provide authorization to the applications as a whole by applying policies that have been defined for the application’s GTL to the user data. For example, the policy for the MARx UI requires that a user have either a Submitter or a Representative plan Role attribute or that a user requires access to a particular dataset.

Once the user has been authorized through Access Manager, the user is also defined in the IBM Sterling B2B Integrator Suite (formerly Gentran, also known as SI) or the Managed File Transfer Internet Server (MFT IS) applications or through RACF that the user has dataset access to manage file access for Connect:Direct (C:D) or Managed File Transfer Platform Server (MFT PS).

4.1 | User Provisioning EIDM ID’s are required for Sterling Integrator/ Gentran and MFT Internet Server. These IDs are registered to individuals and expire every 60 days. For any issues related to your account or password, please contact the CMS IT Service Desk at 1-800-562-1963 or 410-786-2580 or the MAPD helpdesk at 1-800-927-8069 or mapdhelp@cms.hhs.gov.

For sites utilizing SSH servers, a System ID is required. This ID can be requested by completing a Secure Point of Entry (SPOE) form.

Confidential Version 1.1 | 2/26/ 2015 EFT Setup Questionnaire | Page 1

4.2 | RACF The CMS business partners who use Connect: Direct to transmit files directly to the mainframe environment in the CMS data center will be required to specify a Secure Point of Entry (SPOE) in their Connect Direct processes. This SPOE will be automatically converted to a CMS RACF user ID that will be used to authenticate the user.

The CMS business partners who use MFT Platform Server to transmit files directly to the mainframe environment in the CMS data center will be required to specify a remote user and password in their MFT processes. Typically, the remote user and password is stored encrypted on the remote node in a MFT initiator user profile. The CMS MFT Platform Server will convert the remote user ID and password to a CMS RACF user ID using encrypted MFT responder user profiles. This CMS RACF user ID will be used for user authentication and to determine the user’s authorization to files.

4.3 | SSH keys or x.509 Certificates The CMS business partners, who connect to the second instance of MFT Internet Server, must authenticate using an SSH2 key or an x.509 certificate.

5.0 | PASSWORD EXCHANGES For SSH keys and account passwords, if your site has a process for notifying the EFT group for an expiring password, please provide a contact and the procedure documentation. The Partner Server document will need to be updated and resubmitted to the EFT group.

6.0 | FILE NAMING CONVENTIONS Mainframe filename (What we create)

T#EFT.OG.TIFF.C%%%%%%.DYYMMDD.THHMMSST

Please follow the guidelines for CMS file naming conventions:

• No more than 44 characters

• No more than 8 characters per qualifier

• The qualifiers cannot start with a number

• The last 2 qualifiers must be the date and time stamp (see above)

• Test files begin with a T#

Confidential Version 1.1 | 2/26/ 2015 EFT Setup Questionnaire | Page 2

• Production files begin with a P#

7.0 | ADDITIONAL DOCUMENTATION REQUIRED Internet Server

• Partner Server Information document (outbound to customer)*

• If using SSH servers, SPOE form*

Platform Server

• Partner Server Information document*

• SPOE form*

• VPN**

• ISA form

C:D

• Partner Server Information document*

• SPOE form*

• VPN**

• ISA form (new connection)

*Documents can be provided by NGS if needed. ** Document can be provided by the EFT GTL.

Confidential Version 1.1 | 2/26/ 2015 EFT Setup Questionnaire | Page 3

EFT Setup Questionnaire Date:

A. CUSTOMER INFORMATION

Service Request No.:

Customer Name:

3rd Party Vendor:

B. CONTACT INFORMATION 1. CMS BUSINESS OWNER CONTACT (This should be a CMS employee)

Full Name:

First Last Phone: Email Address:

2. CMS GOVERNMENT TASK LEAD CONTACT Full Name:

First Last Phone: Email Address:

3. TECHNICAL CONTACT (This is the person that will be assisting with the setup)

Full Name:

First Last Phone: Email Address:

C. APPLICATION INFORMATION

What is the CMS Application name? Example: MARx, MBD or EDB

D. DATA TRANSFER INFORMATION 1. Which electronic file transfer platform do you wish to setup? (Check only one)

☐ MFT INTERNET SERVER ☐ MFT PLATFORM SERVER (Cyberfusion)

☐ SI (GENTRAN) ☐ CONNECT DIRECT (C:D)

Confidential Version 1.1 | 2/26/ 2015 EFT Setup Questionnaire | Page 4

2. Does the transferred file(s) contain PII (Personal Identifiable Information)?

☐ Yes ☐ No

3. Please show the flow of data.

Example: External server to CMS application.

Source Destination

John Doe’s CMS CMS Application Server

Mainframe

1. The data’s source is John Doe’s server.

2. The data will flow through the CMS Mainframe.

3. The data’s destination is the CMS Application.

Please describe the flow of data from the source to the destination:

1. The data’s source is

2. The data will flow through the

3. The data’s destination is

Please describe the flow of data for the response file (if necessary):

1. The data’s destination was

2. The data will flow through the

3. The data will arrive to

4. What is the frequency that the files will be sent?

☐ Daily ☐ Weekly ☐ Monthly ☐ Quarterly ☐ Annually

What is the frequency that the files will be received?

☐ Daily ☐ Weekly ☐ Monthly ☐ Quarterly ☐ Annually

Confidential Version 1.1 | 2/26/ 2015 EFT Setup Questionnaire | Page 5

5. What is the total estimated file size(s)?

☐ less than 1GB ☐ 1GB to 300GB ☐ greater than 300GB

6. How many files will be transmitted? Sent: Received:

7. Are there any special handling requirements associated with the data? Example: Outbound files sent to multiple destinations or binary transfer. Special Requirements:

8. For files going through the CMS Mainframe: Please provide the logical record length, record format and block size for the new files.

Logical record length: Record format:

Block size:

9. Is there a current dataset at CMS for the file?

☐ Yes ☐ No

If yes, please provide the name:

If not, is there something EFT can put into the new name EFT creates to help identify the file (some required information)?

Suggested Identifier (maximum of 14 characters):

10. Provide an estimated date when you would like to begin testing:

11. What is your expected Production Date?

Confidential Version 1.1 | 2/26/ 2015 EFT Setup Questionnaire | Page 6

No data

2.0 | ACTIVITY HISTORY

Version1 Activity Type Details Activity Owner Owner Role Date V1.0 Creation Janelle Watters EFT Specialist 9/3/14

V1.1 Updated Added EIDM information Erik Holloway EFT Analyst II 2/26/15

1 Assign whole numbers to major revisions, such as 1.0, 2.0, 3.0, etc.

Confidential Version 1.1 2/26/ 2015 | EFT Setup Questionnaire Page 7 |