Bootable Media: A Government Telework Solution
- Secure end-node for remote desktop access
- Low-cost "virtual GFE" telework solution
- Use on almost any x86 Mac or PC; nothing to install
- Customized for your DoD network and mission needs
- Allows DoD personnel to work from an alternate work location during COOP situations, pandemic emergencies, weather-related events, illnesses, or other similar circumstances
- ATO from DISA, currently expiring 9 March 2022
Virtual GFE Secure End-Node Technology
Booting from a CD and installing nothing, the Trusted End Node Security (TENS) family of products creates a temporary, RAM-based, secure end-node for secure telework. The Bootable Media (BootMe) edition provides secure, low-cost desktop virtualization via remote access. This customized version of TENS was created with only minimal, necessary capabilities for more secure remote access to DoD networks. With only a LiveCD and a CAC reader, TENS creates a trusted "virtual GFE" (Government-Furnished Equipment) environment within minutes on almost any x86-based Mac or PC.
In 2009, TENS was evaluated by NSA and approved by ASD NII (DoD CIO) for DoD-wide use during pandemic emergencies, and was certified by AFNIC/EV for the AF-GIG for emergency use. In 2011, it was given a Certificate of Networthiness by the US Army. During the same year, AFNIC revised the certification to include general telecommuting use.
Bootable Media is the only DoD-approved remote access solution using non-GFE. Compared to other solutions, Bootable Media is faster to deploy and cheaper to maintain. To maximize effectiveness and security, each build is customized for one specific network.
A High-Security, Tightly Focused Solution
Our Program Office designed Bootable Media for maximum security, focusing specifically on providing temporary remote access only. Bootable Media connects to multiple VPN infrastructures with a Linux client, authenticated by the user's CAC (or login/password), to your network. Users view their server-side desktop using Citrix Workspace App, VMware Horizon View, or Microsoft Remote Desktop Protocol.
The baseline build is small in size and holds only a tightly-configured Firefox browser, and the remote access tools and clients necessary for enterprise network access. It intentionally lacks drivers for hard drives, printers, and most USB items. It can be configured to restrict general web browsing. Its firewall can be customized to allow only outbound connections to authorized addresses.
Once customized for your organization, the build becomes For Official Use Only (FOUO). Initial deployment and support documents are provided with the customized ISO image. The files and Tier 2 support are free; organizations incur the costs of deployment and sustainment.
Your Custom Build
We are truly sorry, but due to funding limitations, new customizations will not be accepted after 31 March 2021. Modifications to current images will be accepted through 30 April 2021.
We will create a custom Bootable Media build for your specific connectivity and remote desktop infrastructure. Our team will work with you to hone your build by setting specific ports, protocols, and services, and by adding or removing any specific application software. If you have any specific requests, identify them in the appropriate sections of the Bootable Media Request Form.
Prerequisites On Your End
For Your Support Organization
- Ability to burn ISO images and to distribute custom user documentation
- Ability to deploy CDs/DVDs, USB CAC readers, and user materials
- Sufficient network resources to support remote users
- Tier 1 Help Desk infrastructure to support your custom TENS build
- Contingency planning for your Bootable Media users, as well as how Bootable Media fits into your organization’s overall Contingency Plan
For Your Individual Users
A more detailed list is found as part of the general TENS family's Operating Requirements, but the essentials are:
- x86 PC or Mac, bootable CD/DVD drive
- 1.5 GB RAM, possibly more based on your build's software choices
- Wired, wireless, or cellular broadband Ethernet connection to internet
- USB smart card reader
Bootable Media ATO
Bootable Media version 1.0.3 underwent a full DoD Information Assurance Certification and Accreditation Process (DIACAP) within DISA, and received an Authority to Operate (ATO) on March 9, 2012 from the DISA Designated Approval Authority (DAA). However, the ATO was solely granted for DISA — other using organizations needed their own approvals. DISA subsequently took the product before the Defense Information Assurance Security Accreditation Working Group (DSAWG) and the DISN/GIG Flag Panel (since renamed DoD Information Security Risk Management Committee (DoD ISRMC)) to request DoD enterprise reciprocity for the ATO, which would allow any DoD organization to deploy it. The DISN/GIG Flag Panel issued the enterprise reciprocity memo for the ATO in early January 2013; this serves as an Authority to Connect (ATC) for any DoD component. Individual organizations may have additional certification and accreditation requirements; however, since the product is ordered through the organization’s ISSM, those requirements are assumed to be fulfilled prior to deployment.
DISA renewed the ATO for Bootable Media 1.2.1 on 13 March 2015. The Bootable Media team transitioned to the Risk Management Framework (RMF) process and received an ATO on 10 March 2018. This ATO was renewed in March 2019, with Bootable Media being authorized to operate until 9 March 2022. A copy of the ATO may be viewed/downloaded in the DoD Portal section of this website.
Bootable Media Training Video
Our training video can be fetched from the DoD Portal page.