FAQs

Frequently Asked Questions

  • Funding

    Question

    Should AAAs spend State funds first, then the Federal funds?

    Answer

    In an effort to maintain consistent service levels, it is CDA’s expectation that each AAA spends all funds (State and Federal) available as allocated to each State Fiscal Year (SFY) and proportionately based on match requirements for the services provided.

    However, for the HICAP grant only, since the HICAP Federal Grant does not require a State match and since it is now awarded for a three year period ending March 31, 2020, it allows the AAAs some flexibility in managing the funds. State funds are only available within the SFY and expenditures must be recorded by June 30 for each year’s appropriation. Unspent Federal funds may be carried over into the following SFY. Therefore, CDA is not instructing AAAs to spend State funds first, but rather to ensure that all State funds are expended prior to June 30 to maximize service levels. AAAs should be mindful that carryover of Federal funds from year-to-year should be minimal and not routine given service levels should be maintained as outlined in the initial allocation. Also, Federal funding from year-to-year is never a guarantee since the allocation provided in the budget display is what is anticipated at the point-in-time and could change due to subsequent enacted budgets.

  • Information Security

    Question

    What type of encryption is required and for what devices?

    Answer

    Any 128 bit encryption software will meet the encryption requirements. AAAs would need to ensure compliance with this requirement for any devices that access, transmit, or store data related to the services provided through the contract with CDA.

    Question

    Are AAAs responsible for ensuring that their subcontractors meet the encryption requirements and how can AAAs verify that their subcontractors meet the requirements?

    Answer

    Yes, AAAs who subcontract services are still contractually responsible for ensuring compliance with encryption requirements, which can be met through a Self-Certification process. The Self-Certifications do not need to be sent to CDA, as these would be verified at the time that the AAA is monitored by CDA.

    Question

    Who is required to complete the security awareness training and how do AAAs verify completion of the security awareness training?

    Answer

    The Information Security Awareness Training is required for all employees and volunteers who provide services related to any of the CDA contracts. This includes, but is not limited to: AAA employees; subcontractor employees; vendor employees; volunteers; etc.

    The certificates of completion will need to be printed out but do not need to be sent to CDA, as these would be verified when CDA monitors the AAA.