This chapter provides guidance for “File Transfer,” which is the process or action of transferring files from one system to another and governs transferring files among CMS datacenter and cloud environments as well as between CMS environments and external partners. “Enterprise File Transfer (EFT),” a.k.a. Electronic File Transfer, as defined in this chapter, is a product or system purpose-built to perform file transfers between systems, applications, and platforms by employing encryption and authentication to maintain data integrity and confidentiality. It is used to securely share large volume of data.
Any operating system can transfer files directly without the aid of an EFT system. In complex or challenging applications, EFT systems may provide advanced scheduling, workflow, and management of file transfers, support multiple sources and destinations, offload other system components, and improve the scalability, reliability, auditing, and security of file transfers.
CMS strongly recommends that all CMS data remain within CMS authorization boundaries, except for public data released by CMS. Colloquially, the preference is for this data to remain “inside CMS firewalls.” The implication is that the need for outbound file transfer ought to be limited where possible.
The concepts, strategies, and guidelines in this chapter align principally with the EFT Team’s EFT User Guide, Version 2.1, May 9, 2023.
Although the foregoing document defines the details of specific EFT products and services at CMS, this chapter provides guidance and business rules for implementing file transfer processes at CMS with or without an EFT product.
File Transfer and Enterprise File Transfer
File Transfer includes all file transfers between CMS data centers or cloud environments (i.e., intra-CMS file transfers) as well as those between CMS environments and external partners. In many situations where scale, security, or reliability are a concern, file transfer may be implemented using EFT products and services.
Enterprise File Transfer, a.k.a. Electronic File Transfer, refers generically to enterprise file transfer products and technologies used or implemented by CMS applications and data processing environments to transfer files. In a few cases, this chapter explicitly refers to specific EFT products by name or to the “CMS EFT System” or the “CMS EFT Infrastructure” when discussing the shared EFT services CMS provides across the Agency.
EFT products and services support management, authentication, verification, scheduling, logging, and/or notification and post-processing of file transfers between organizations or destinations. File transfers do not necessarily require use of an EFT service. Using an EFT product or service may provide needed capabilities such as error-detection, retransmission, multiple destinations, and audit trails.
The CMS ePortal and other CMS external portals offer file upload services for accepting files from external users, and file download services for allowing external users to request and receive files. Some portals are also capable of offering “managed” file download and upload services that use client-side software to ensure a successful transfer.
Scope
This chapter addresses all file transfers between CMS data center or cloud environments (i.e., intra-CMS file transfers) as well as those between CMS data centers and external partners. This chapter does not apply to transfers occurring within the authorization boundary of a given system . File transfer between production and non-production environments, as well as upload and download services for end users are outside the scope of this chapter.