Electronic Verification Services

The Vendor is required to provide for Electronic Verification Services.
- File Transfer
• Secure FTP must directly connect from Point to Point (agency to host site) to download data files, using at minimum Secure Shell (SSH 2) protocol and Advanced Encryption Standard (AES) 256 bit cipher on port 22.
• Agency shall be allowed and able to connect to and download the files from the vendor’s secured host site 24 hours a day, 7 days a week.
• All files shall be retained on the Vendor SFTP Server for 60 days from the date they are made available.
• Files that fail to meet technical requirements will be rejected, logged, and not processed until corrections are completed.
- File Encryption
• Files shall be encrypted using a 4096 bit key and RSA asymmetric algorithm, at minimum.
• Agency shall provide the public key certificate for encryption.
• The naming convention for encrypted files shall be followed as
- Data File Format
• Encrypted File Extension: .gpg
• File Extension: .vrr (Vital Record Requests)
• Naming Convention for Data Files: YYYYMMDD_hhmmss_df.vrr.gpg
• The data file shall be a flat file.