1. Purpose

   This procedure outlines the steps that divisions are to follow in order to acquire access to the DHSS SFTP server.

2. Applicability

   This procedure applies to all entities that need access to the DHSS SFTP server for the purpose of file exchange.

3. Procedures
   • Vendor/External Agency SFTP User Access Forms
     Vendors/External Agencies requiring access to the DHSS SFTP server need to fill out the following User Access forms. Access will be granted using individual names or the use of system accounts will be allowed when used in an automated process. Required MOA and BAA (when applicable) are to be processed by the Division via Department standard contract processing procedures. User Access forms are to be returned to the DHSS Help Desk via the appointed Division Liaison.
     1. The division requesting access should submit four copies of a completed Secure File Transfer Memorandum of Agreement (MOA) Form, signed by the division and the outside entity. The MOA includes:
        • Appendix A: DTI State Information Transport Network (SITN) Acceptable Use Policy.
        • Appendix B (If the information transferred includes HIPAA-defined Protected Health Information (ePHI)):
          • HIPAA BAA template with the State as the Covered Entity(CE)
          • HIPAA BAA template with the State as the Business Associate (BA)
        • Biggs Data Center User Authorization Form (UAF).
        • Biggs Data Center Non-Disclosure Form.
   • State Employees SFTP User Access Requirements
     State Employees requiring access to the DHSS SFTP server need to fill out the following User Access forms. Access will be granted using individual names or the use of application system accounts will be allowed when used in an automated process. User Access forms are to be returned to the DHSS Help Desk via the appointed Division Liaison.
     1. State Information Transport Network (SITN) Acceptable Use Policy
     2. Biggs Data Center User Authorization Form (UAF)
     3. Biggs Data Center Non-Disclosure Agreement
4. Client Requirements
   1. There are many commercial and "Free" clients available. Two examples are.
      • WinSCP - http://winscp.net/eng/index.php - Free and windows based
      • SecureFX - www.vandyke.com/products/securefx/index.html - Commercial
   2. The SFTP client software must support the following.
      • SSH V2
      • Concurrent Username/Password and Private/Public key authentication. You can download a key generation program such as Puttygen.exe from the Internet and use it to generate a Private/Public Key path. Upon Initial login to the SFTP server you can upload your Public Key File to the Public Key Folder.

This procedure supports DHSS POLICY MEMORANDUM NUMBER: 3, Section F, which requires that DHSS data and files be properly secured against unauthorized access.