Bootable Media: A Government Telework Solution

Virtual GFE Secure End-Node Technology

Booting from a CD and installing nothing, the Trusted End Node Security (TENS) family of products creates a temporary, RAM-based, secure end-node for secure telework. The Bootable Media (BootMe) edition provides secure, low-cost desktop virtualization via remote access. This customized version of TENS was created with only minimal, necessary capabilities for more secure remote access to DoD networks. With only a LiveCD and a CAC reader, TENS creates a trusted "virtual GFE" (Government-Furnished Equipment) environment within minutes on almost any x86-based Mac or PC.

In 2009, TENS was evaluated by NSA and approved by ASD NII (DoD CIO) for DoD-wide use during pandemic emergencies, and was certified by AFNIC/EV for the AF-GIG for emergency use. In 2011, it was given a Certificate of Networthiness by the US Army. During the same year, AFNIC revised the certification to include general telecommuting use.

Bootable Media is the only DoD-approved remote access solution using non-GFE. Compared to other solutions, Bootable Media is faster to deploy and cheaper to maintain. To maximize effectiveness and security, each build is customized for one specific network.

A High-Security, Tightly Focused Solution

Our Program Office designed Bootable Media for maximum security, focusing specifically on providing temporary remote access only. Bootable Media connects to multiple VPN infrastructures with a Linux client, authenticated by the user's CAC (or login/password), to your network. Users view their server-side desktop using Citrix Workspace App, VMware Horizon View, or Microsoft Remote Desktop Protocol.

The baseline build is small in size and holds only a tightly-configured Firefox browser, and the remote access tools and clients necessary for enterprise network access. It intentionally lacks drivers for hard drives, printers, and most USB items. It can be configured to restrict general web browsing. Its firewall can be customized to allow only outbound connections to authorized addresses.

Once customized for your organization, the build becomes For Official Use Only (FOUO). Initial deployment and support documents are provided with the customized ISO image. The files and Tier 2 support are free; organizations incur the costs of deployment and sustainment.

Your Custom Build

We are truly sorry, but due to funding limitations, new customizations will not be accepted after 31 March 2021. Modifications to current images will be accepted through 30 April 2021.

We will create a custom Bootable Media build for your specific connectivity and remote desktop infrastructure. Our team will work with you to hone your build by setting specific ports, protocols, and services, and by adding or removing any specific application software. If you have any specific requests, identify them in the appropriate sections of the Bootable Media Request Form.

Prerequisites On Your End

For Your Support Organization

For Your Individual Users

A more detailed list is found as part of the general TENS family's Operating Requirements, but the essentials are:

Bootable Media ATO

Bootable Media version 1.0.3 underwent a full DoD Information Assurance Certification and Accreditation Process (DIACAP) within DISA, and received an Authority to Operate (ATO) on March 9, 2012 from the DISA Designated Approval Authority (DAA). However, the ATO was solely granted for DISA — other using organizations needed their own approvals. DISA subsequently took the product before the Defense Information Assurance Security Accreditation Working Group (DSAWG) and the DISN/GIG Flag Panel (since renamed DoD Information Security Risk Management Committee (DoD ISRMC)) to request DoD enterprise reciprocity for the ATO, which would allow any DoD organization to deploy it. The DISN/GIG Flag Panel issued the enterprise reciprocity memo for the ATO in early January 2013; this serves as an Authority to Connect (ATC) for any DoD component. Individual organizations may have additional certification and accreditation requirements; however, since the product is ordered through the organization’s ISSM, those requirements are assumed to be fulfilled prior to deployment.

DISA renewed the ATO for Bootable Media 1.2.1 on 13 March 2015. The Bootable Media team transitioned to the Risk Management Framework (RMF) process and received an ATO on 10 March 2018. This ATO was renewed in March 2019, with Bootable Media being authorized to operate until 9 March 2022. A copy of the ATO may be viewed/downloaded in the DoD Portal section of this website.

Bootable Media Training Video

Our training video can be fetched from the DoD Portal page.