Please share this information with all your staff who file Form BA-6a, BA-6 Address Report, as well as programming staff that support this function.

Prepared by:

Background

Employee address records are maintained for the purpose of mailing to the employee Form BA-6, "Certificate of Service Months and Compensation".  Employers are required to file Form BA-6a, "BA-6 Address Report", with the RRB for new hires only.  This report is due by April 1 each year.  If you have no new hires, no address report is necessary.  It is the employee's responsibility to report any address change to the Railroad Retirement Board (RRB).  Instructions for an employee to report subsequent address changes are on the employee's BA-6.  An employee can also report an address change to their local RRB office.

New Reporting Option

The RRB now offers an e-mail equivalent of Form BA-6a that can be used starting with the reporting season that begins January 1, 2007. Addresses for new hires are currently reported on:

• Paper Form BA-6a;
• Magnetic media (cartridge, disk, or CD-ROM);
• Computer listing; or
• On the Internet via the Employer Reporting System (ERS).

Secure E-mail Using Digital IDs

Because Form BA-6a contains sensitive personal information such as social security numbers, we must exchange e-mail information securely to insure that no one can intercept and read or alter the information.

Accordingly, we are required to take security precautions that meet the standards currently prescribed by the National Institute of Standards and Technology (NIST). To meet these security requirements all e-mail messages we exchange must be encrypted and signed with a Digital ID, and information will be protected in accordance with security controls outlined in NIST guidance 800-53.”

A Digital ID or certificate is a computer file that identifies the sender. E-mail software uses this file to "digitally" sign e-mail messages to prove a sender’s identity to the recipient’s computer.

A digital signature does two things:

• It lets the recipient of the e-mail confirm the identity of the sender, and
• It tells the recipient that the e-mail was not tampered with in transit.

A Digital ID typically contains the following information:

• Your public key
• Your name and e-mail address
• Expiration date of the public key
• Name of the company [the Certification Authority (CA)] who issued your Digital ID
• Serial number of the Digital ID
• Digital signature of the CA

Encryption

To encrypt (scramble) data we use a system with two keys. The key pair consists of a public and a private key. The keys are used like keys in a lock, except the key pair requires one key to secure the lock and another to open the lock.

When you request and install a Digital ID, your Web browser creates both a private key that can only be used with the Digital ID you requested, and a public key that becomes part of your Digital ID. Access to your private key will be password protected.

With key pairs, your e-mail application will use the RRB’s public key to encrypt messages you send to us. The RRB, upon receipt of your encrypted e-mail message, will use our matching private key to decrypt the message.

Secure E-mail Process

Before you can send the RRB an encrypted message, you must first get our public key. You do this by simply requesting that we send you a signed e-mail message, which contains our Digital ID and public key. Then your e-mail application can automatically store the RRB’s Digital ID with public key in your contacts folder until you need to use it. Your e-mail application uses the RRB public key to encrypt the messages you send to us. From that point on, only the RRB's private key can decrypt the message.

When the RRB sends you an encrypted message, we will use your public key. Once the e-mail message is encrypted with your public key, only those individuals in your organization who have the matching private key can decrypt the message.

Steps:

1. Acquire a Digital ID from a company called a Certification Authority (CA), for example, Verisign or Thawte Certification. The cost of an individual Digital ID is about $20.00 per year.
    

2. Once you have received and installed a Digital ID, distribute it to the RRB by sending an e-mail message to the ‘cesc@rrb.gov’ mailbox. The Digital ID that you send contains your public key. This will allow the RRB to send you encrypted e-mail messages using your public key. Only you will have the corresponding private key that allows you to decrypt the RRB reply.
    

3. The RRB will acknowledge your e-mail submission by sending you our public key for the ‘cesc@rrb.gov’ mailbox. This will allow you to send encrypted E-mail requests containing the RRB’s public key. Only the RRB will have the corresponding private key to decrypt the e-mail message.
    

4. Once the parties have stored each others’ Digital IDs, all further e-mail exchanges can be made securely.

E-mail Submissions of Form BA-6a

In order to verify that the holder of the employer’s Digital ID or certificate is authorized to prepare and electronically submit reports on behalf of the railroad, the employer must complete RRB Form G-117a, “Designation of Contact Official” (OMB approved 3220 0200) to provide the identifying information we will use to establish the authorized railroad employee(s) in our database. From that point on, a Form G-440, Reports Specification Sheet, which must be signed by a contact official, must be faxed to A&T-Quality Reporting Service Center with every e mail.

To facilitate reporting of addresses for multiple employees, please prepare a text file using the format and instructions described below. Each e-mail must include the employer’s name and employer number (BA number), as well as the number of records on the file. The file records must be 120 characters in length. Any fields not used should be left blank. There should be no record which contains blank address data. Save the file in ASCII character format as a text document and send the file as an attachment to your e-mail message. The Form BA-6a record layout is shown below.

Position Data and Instructions

 

Paperwork Reduction Act Notice

The information specified in this report, which is required by law under section 7(b)(6) of the Railroad Retirement Act (RRA) and Section 209.12 of the Code of Federal Regulations, will be used by the Railroad Retirement Board to mail to the employees of your company Form BA-6, Certificate of Service Months and Compensation. Failure to report or the making of a false or fraudulent report can result in criminal prosecution or civil penalties, or both.

We estimate the e-mail equivalent of Form BA-6a takes an average of 15 minutes per response to complete, including the time needed for reviewing the instructions, getting the needed data, and reviewing the completed form. Federal agencies may not conduct or sponsor, and respondents are not required to respond to, a collection of information unless it displays a valid OMB number. If you wish, send comments regarding the accuracy of our estimate or any other aspect of this form, including suggestions for reducing completion time, to Chief of Information Resources Management, Railroad Retirement Board, 844 Rush St, Chicago, Illinois 60611-2092.