Trusted End Node Security
Frequently Asked Questions
- Download and Installation Issues
- Operational Issues (you have a TENS CD but something doesn't work)
- Feature-related Questions (on features present or absent)
- Known Problems
- Technical Details
- How Can TENS Be Used?
- Policy, Program, or Administrative Questions
- What do I do with this ISO file?
- How can I tell if my CD is burned properly?
- I get an 'invalid security certificate' error when downloading from your web site; is that a problem?
- Do we need to install any server-side software?
- Can TENS run from a USB stick instead of a CD?
- Can I build an TENS USB stick using Linux?
- How can I run TENS if I can't boot from a CD or a USB device?
- Do I need to install CAC software, ActiveClient, or anything else?
- How do I load CAC middleware on my Linux system?
- How do I install TENS on Windows 7? Ubuntu? Other operating systems?
- Can I run TENS in a virtual machine (VM) like Oracle VirtualBox, VMware, VirtualPC, etc.?
- How do I verify hashes?
An ISO file is an ISO 9660 filesystem disk image. You will need to use media authoring or "disc burning" software to put the ISO file onto a bootable disc (CD-ROM or in some cases, a DVD). For more info, see Burning an ISO.
See our technical note on burning CDs. Basically, it's burned properly if it boots TENS. You have to use disc burning software that understands the ISO image format. If you burned the CD like you were saving files to a CD, then it probably won't work. If you browse the burned disc and see a .iso file, then it's not burned properly; you should see directories and files. Ensure that your CD burner works properly, and can burn other images. It is also possible the ISO file was corrupted during download; please download it again and see if that helps.
I get an 'invalid security certificate' error when downloading from your web site; is that a problem?
To access any of our SSL-protected web pages, you will need to authorize your browser to trust either our certificate, or (better choice) the US Government's DoD Root CA (which vouches for the root of our certificate chain). The easiest way to do the latter is via DISA's InstallRoot utility.
You do not need to install any server-side services to run TENS. This is a client solution. We have a custom TENS-Professional solution for customers wishing to connect to a corporate or organizational network, but TENS doesn't require any additional services for this configuration either. TENS-Professional works with existing remote access infrastructure. TENS-Public is not designed to connect to corporate or organizational networks, just the public internet.
Yes. We include a script to help you build a bootable copy of TENS on a USB device. Complete instructions are here.
Yes, although you have to do it manually. Complete instructions are here.
If the computer can't boot from a CD or a thumb drive, then you cannot run TENS. Everything starts with booting into our system. Note that users of newer computers using Secure Boot will need to disable Secure Boot before booting from a CD/DVD.
ActivClient is the CAC middleware for Microsoft Windows; you don't need it to use TENS. TENS includes its own CAC middleware for Linux. Attach a USB CCID-compliant smart card reader and you should be good to go.
This really isn't a question for us, since we're not in the business of providing general support for Linux systems. TENS is based on Linux, but it runs from its own boot CD. However, if you are looking for information on how to do something similar that TENS does by leveraging your own Linux system, take a look at the MilitaryCAC.com website. It is not an official government website, but is run by an individual with extensive experience in implementing CAC solutions.
TENS is not an application; you don't install it as such. TENS is a turnkey solution that uses a Linux bootable CD to turn your existing computer into "virtual GFE" (Government-Furnished Equipment) by booting a trusted operating system and not mounting the local hard drive. You can use TENS on virtually any x86-compatible computer regardless of the operating system (Windows, Mac OS X, Linux) that typically is used. TENS ignores the local hard drive and boots its own code from read-only media. So you just need to make sure your computer can boot from CD, and you're good to go.
In general, yes, but this is not encouraged since kernel malware on the host can still be a threat. You should be able to take the ISO image and mount it as virtual CD within a virtualized environment and then tell the VM to boot from the image. We use these environments for development and quick-testing, but have not formally qualified it as a supported platform. You are welcome to experiment, but keep in mind that this is not as secure as booting directly into TENS. We aren't certain all necessary hardware components (such as CAC readers) will work properly, or that you will see higher video resolutions. We consider virtual machines an unsupported platform.
We include MD5 and SHA-256 hashes to verify the integrity of the TENS download files. If you want to verify the hashes but don't know how, you can use the Microsoft File Checksum Integrity Verifier tool on Windows systems. Download the FCIV utility and install it on your Windows system. Open a command line window and type "fciv.exe <filename> -both" where <filename> is the TENS ISO file. Other operating systems might have a hashing function built in. Do a web search for "verify MD5 SHA-256 hash" along with your operating system name to see if there is a utility that will run on your system. If you are an Encryption Wizard user, add the ISO file to its main screen, then right-click and choose Get File Info to display the configured hashes.
- What do I do if TENS doesn't boot?
- What if TENS hangs during bootup?
- What if I can't boot TENS from a USB flash drive?
- Firefox froze. Now what?
- What if all of TENS freezes?
- My CAC doesn't work but I can browse the Internet. Why?
- Can I use TENS to connect to any desired web site?
- How do I save files? Where do they go?
- How is TENS-Public kept up to date?
- Why is TENS slow to boot then fast to run?
On a Mac, press the "C" key during the boot process to boot from CD or hold down the option key while booting and then select the CD icon. On PCs, change your BIOS to boot from the CD drive before the hard drive. Enter the BIOS immediately upon power on. The BIOS screen is sometimes called the hardware setup screen that can be accessed before the operating system boots.
If the Mac does not boot using the "C" key or the option key, then boot the Mac normally, insert the TENS disc, and then select the TENS disc as the boot device. Run the System Preferences utility in the Applications folder, then select Startup Disk. Select the CD; it may be called "Foreign OS on CDROM". Then restart the system. This process requires administrator rights.
Linux (and TENS in particular) does not have support for all hardware. Some hardware is not currently compatible. Verify that your CD is bootable by trying it on another computer.
If you get through the boot loader screen (dots) and the graphical startup screen (bar), and TENS hangs before presenting the TENS desktop, then the problem is either insufficient memory (see system requirements) or you are using an unsupported video controller. Please send us a bug report and tell us the type of computer you have, and the make and model of your video controller (video card or video chipset).
First verify that you can boot TENS from a CD. That will show that your ISO file is valid and that your computer can run TENS. Then look carefully at the process where you built the USB stick (USBInstall.bat). Did you run the process as an administrator? Did you turn User Account Control (UAC) off in Vista or Windows 7/10? The installation script requires administrator rights. Check your USB hardware. Try to build the stick on a different USB port. Try to boot the stick from a different USB port. Try another stick. Try another computer. Sometimes hardware and USB devices can have intermittent failures that aren't evident until you try to boot TENS from it. See if you can isolate the hardware component causing the problem, and then replace it.
Macs don't support booting other operating systems from a USB flash drive. If you use a Mac, currently you must boot from a CD.
First, try to close the window and restart Firefox. If that doesn't work, power off the computer, wait a few seconds, and power on the computer. Advanced users may wish to try to reset the hung process instead: open the Terminal Emulator shell, view processes using the ps command, find the very large VmSize Firefox process, and kill it. Restart Firefox and select "New Session".
Power off the computer, wait a few seconds, and power on the computer.
The smart card reader's firmware could be outdated. See your reader's OEM website for support; for SCR models use USB FW Update. If you have an SCR Micro brand CAC reader, try running the firmware update utility (included in TENS).
If a CAC-restricted page fails to load (or partially appears), an error message occurs, or the Master Password window doesn't open, try closing and restarting the browser or reloading the page. Other problems include a dirty or expired CAC, using a non-USB or non-CCID-compliant reader, and/or a broken or disconnected reader (no LED light).
In LPS 0.8.8 and prior, the new 144k CAC cards were not properly supported by the CAC middleware. If you have a new card (it might say "GEMALTO" and "144" on the back) and are using an older version of TENS/LPS, try the most current release and see if it fixes the problem. The TENS/LPS version number is usually displayed on the desktop in the upper right-hand corner.
If both your CAC and CAC reader work, but you can't connect to some web sites, let us know so we can check them out. There could be a problem with how the web site is coded, or it could be written in a way that only supports Windows or Internet Explorer.
TENS doesn't impose any restrictions on what sites you can visit, but note that you are still bound by the same restrictions in place on whatever network you are using. If a network is using firewall rules, proxy servers, or other filtering and control mechanisms, TENS will not bypass them. TENS does not impose any restrictions of its own, however.
TENS-Public supports USB memory sticks and hard drives. See the user's guide for details. TENS runs entirely in RAM and creates a writeable filesystem as a RAM disk. The filesystem you see exposed through the file explorer is all within memory. You can save files to this filesystem, but anything written will not survive past a reboot. If you wish to save files permanently, write them to a USB device. If you booted from a USB flash drive, do not save files to the same device.
By default, Firefox downloads files into a Downloads folder. This folder automatically appears on the TENS desktop when it contains files.
New releases of TENS are created whenever critical components of TENS-Public are updated (e.g. Firefox and hardware drivers). Future versions will include more software, more hardware support, and additional security features. We intend to release updates whenever components are patched by the vendors, at least quarterly. We intend to do quarterly maintenance releases when new features are incorporated. We may not always meet these schedules exactly, but this is our intent.
Booting from a CD is inherently slow because the data transfer rate is low. Booting from a USB flash drive is typically 2-5x faster.
TENS-Public runs fast and can show hi-res web videos on old computers because its operating system is minimized and optimized to just run a modern browser. Once TENS is loaded into RAM, all subsequent program loads are done from RAM (very fast).
- Does TENS-Public support wireless networking?
- Why do you permit USB storage?
- Why don't you include anti-virus software?
- Can I add fonts, drivers, and other persistent software to TENS?
- Can I use a browser other than Firefox? What about Internet Explorer?
- How can I edit Microsoft Office documents?
- What is 'Remote Desktop' software?
- What is the User Agent Switcher plug-in added in version 1.0.0?
- Why do you use Flash? Can I remove it?
- Can I turn off Java?
- Can I change the keyboard mapping to another language?
- Why do you still include DigiNotar certificates?
Yes. WiFi support for most popular adapters was added in version 1.1.0. We have seen problems with some computers with Broadcom WiFi chipsets not being able to access hidden wireless networks. If you encounter any problems attempting to use WiFi within TENS, please let us know.
Starting with version 1.2.0, TENS supports cellular broadband modems (air cards, etc). If you have supported hardware and a subscription with a cellular provider, try using it with TENS. We have not tested all configurations, so please let us know if you have problems. We do support iPhone tethering as well; see the User's Guide for full details.
TENS-Public was originally created as a demonstration of our security tenets before the DoD flash memory ban. The primary use case for TENS-Public originally was for people to use their home computers to conduct sensitive personal transactions, such as home banking. To permit users to save local files, we included the capability to use personal flash sticks. CAC support was included later as more people requested it.
We have built versions of TENS with anti-virus included, but it is of limited value. The issue is keeping the detection signatures up to date when loading from read-only media. We have demonstrated auto-updated anti-virus signatures, but the process does not seem reliable. Rather than giving the false sense of security by loading anti-virus software that might be out of date, we have chosen to focus on the other security elements of the system. Keep in mind that TENS is running from read-only media, which prevents persistent viruses and malware.
We can build custom versions of TENS-Professional for larger customers containing this feature. However, it does not make much sense in the TENS-Public product. If you are concerned about viruses, reboot TENS between sensitive transactions and sessions.
Keep in mind that anti-virus software can only protect against known attacks. Most recently publicized attacks have been zero-day attacks using unknown security flaws. Traditional signature-based anti-virus software cannot stop these attacks.
We'd prefer that you just tell us what drivers, fonts, etc. that you need and we'll look at adding them to the next release. Chances are good that if you want something added, others might like it as well. The advantage to having us add the software is that you won't have to re-integrate your code every time we release a new version. Using TENS from a flash stick isn't quite as secure since you would be using writable media as the boot device.
No. Firefox is a widely supported browser and was chosen for maximum compatibility. Internet Explorer doesn't run on Linux, so it cannot be a native browser. We have investigated other methods for supporting Internet Explorer, but most do not make sense in an operating system designed to run entirely in RAM.
We offer an expanded edition (TENS-Public Deluxe) that includes, among other software, the LibreOffice suite. This software can read and write files in Microsoft Office format, although not always perfectly. However, this is a free solution that supports most casual needs. We are still evaluating system requirements, since the TENS image will be larger. More memory will definitely be needed for the host system.
To edit documents using Microsoft applications specifically, save them to a USB drive and transfer them to another computer for editing. TENS-Public allows files to be saved on USB devices (portable hard drive, flash drive, etc). You can also use a cloud-based solution with a web interface, like Dropbox or Google Docs, or organizational repositories (e.g., SharePoint) that have public-facing portals.
Remote Desktop is a software application that allows graphical applications to be run remotely on a server, while being displayed on a local computer. It involves setting up a server infrastructure on your network that virtualizes client desktops. Users who remotely connect to the Citrix server (for example) use a special client program. Once connected, your client computer is sent screen updates from that remote server. The client session is actually running on the remote network, and all that is passing along the wire are those screen images. This is also sometimes called thin client or terminal server technology. It works fairly well unless there are a lot of video updates going on (don't use Citrix to watch videos or animations, for example).
Our intent with Remote Desktop software is that it connects to managed server infrastructure, not individual desktops. Many organizations do not allow remote connections to desktops for anyone but system administrators. If the software is for personal use, then these connections are fine. However, those using it to connect to Government networks should not attempt to use it this way unless explicitly directed by network administrators.
User Agent Switcher is a Firefox browser plug-in that allows you to change the User-Agent string your browser sends to web sites. This string identifies the brand and version of your browser and operating system. For instance, you can make your Firefox browser on Linux appear to be an Internet Explorer browser on Microsoft Windows. Note that this won't make Firefox behave like Internet Explorer, but it can allow you to view websites that arbitrarily reject Firefox or Linux-based browsers. Not all websites will be compatible, but this is a possible workaround for certain poorly-written sites that only check the User-Agent string but do not require a particular functionality to exist. This plug-in is a troubleshooting tool, and a possible workaround for sites that do not work properly in TENS. The plug-in adds a menu and a toolbar button; use Tools→User Agent Switcher to change your User-Agent string.
We include Flash because many web sites require it, including Government sites. We do recognize that it often has security patches, so we make sure we update Flash with every release of TENS.
Yes. We added support for non-US keyboards in version 1.3.2. Use the Keyboard and Mouse utility, click on the Keyboard Layout button labeled 'lxkeymap', and then pick the country and type of keyboard to use.
We follow the Mozilla Foundation standard as shown in this security advisory. We still include the certificates, but we explicitly distrust them.
If you want to verify that the certificates have been untrusted, launch Firefox then select Edit/Preferences, then Advanced, Encryption tab, View Certificates button, Authorities tab. Look for DigiNotar certificates; select a certificate, then click the View button. Switch to the Details tab. Look in the Certificate Fields display, and confirm that it says "Explicitly distrust" in the description.
- Which DoD websites work with TENS?
- Which DoD websites do NOT work with TENS?
- Are there any known hardware problems?
- Why do some CACs seem to work differently than others?
- Does TENS work with Government PIV cards?
- Why does TENS ignore my hardware WiFi switch?
Any which work well with Firefox on Linux — most of the service portals work just fine as do most other open standards-based sites. We have tested TENS with service portals, webmail, and other CAC-enabled sites.
Some Department of Defense web sites require that users be using a computer on a .mil/.gov network in order to connect. TENS-Public cannot be used to connect to these sites. A VPN connection must be established. Request TENS-Professional to perform this task.
Any web site or application that requires a Windows binary or plugin, or any application that is coded to require Microsoft-specific functions. TENS uses Linux and Firefox, so any web site or application that requires Windows or Internet Explorer will not work properly. We know of the following web applications that do not work with TENS:
- Wide Area Workflow: uses Microsoft's proprietary CAPICOM PKI interface (a Windows DLL).
- Outlook Web Access S/MIME: Users can read and send E-mail with TENS, but cannot sign messages or use encryption capabilities. The OWA S/MIME interface is implemented as an ActiveX control, which only works with Internet Explorer on 32-bit Windows operating systems. If you must send encrypted messages, use the built-in Encryption Wizard product instead.
- Advanced Distributed Learning Services (ADLS): an application coded to use Microsoft-specific functions, requiring Internet Explorer and Windows.
We have implemented a workaround for the S/MIME problem in LPS/TENS 1.3.3. Thunderbird and DAVmail will allow signing and encrypting messages, but the process is slower than native solutions since a software gateway is involved.
Yes. TENS uses Linux and not all hardware has Linux drivers. Some newer hardware is not supported. We believe version 1.4.0 gave us wider driver support, but please let us know if something doesn't work.
Some iMacs have unsupported video cards.
In TENS-Public prior to version 1.0.0, the CAC middleware we were using did not properly support newer 144k CACs. We changed packages and now can support both the older and the newer cards starting in version 1.0.0. If you run into problems using your CAC to authenticate against a particular site, please let us know the website and the type of CAC you have (look on the back above the magnetic strip for details).
Yes, we believe it does. We added support for these cards in the v1.1.0 release, but have not done extensive testing with them yet. Please try it out and let us know if you experience problems. Some users have reported problems with certain types of PIV cards, but we have not been able to isolate the issue. It seems to depend on the organization that issued the cards; not all seem to be using the same specification. We will continue to investigate. If you have non-functional PIV cards, we would like to hear from you — particularly if you can get us test cards.
Some computers have a hardware WiFi switch, but these switches often do not actually disable the hardware. We have seen laptops with WiFi switches continue to see WiFi networks, but not allow connections to be established. If you have a laptop where connections can be established even if the WiFi switch is turned off, please let us know the vendor and model of laptop and WiFi chipset.
- What CAC readers does TENS-Public support?
- What web cameras does TENS-Public support?
- What printers does TENS-Public support?
- What other utilities are included with TENS-Public?
- I don't know Unix very well. Do you have a reference for common commands?
CAC reader driver support is provided by the pcsclite package. The developer has provided three lists of devices, supported, should work, and unsupported. Check these lists to see if your device is supported or not.
Web camera support was included starting in version 1.2.1. We currently have support for UVC USB web cameras and might have support for some other versions. If you want to see if your device is supported, you can check lists here and here. Another method of checking support is to run the Diagnostics utility in TENS and see if your web camera has the phrase "UVC" in its name.
Printing support was added in version 1.3.0. The supported printers are shown in this list.
TENS includes some useful minor personal productivity utilities with graphical interfaces:
- PCMan File Manager – file explorer
- Leafpad – text editor
- gpicview – image viewer
- xPDF – PDF file viewer
- Adobe Reader – PDF file viewer (Deluxe only)
- zarfy – monitor configuration tool
- galculator – desktop calculator
- mtPaint – pixel-based paint program
- LibreOffice – office productivity software (Deluxe only)
We have also included some connectivity software:
- OpenSSH – secure shell, allows command line access to remote systems
- FreeRDP – remote desktop
- Citrix Receiver (formerly ICA manager) – Citrix client
- NetworkManager – network manager
- minicom – terminal emulator
Some of the utilities have desktop icons, while others are accessed through the Utilities or Multimedia menus. If command-line access is desired, most of these can be found in the /bin directory (use the Terminal Emulator application under Utilities to get a command line).
Check out this one. Finding and stopping hung processes is probably the most useful.
- How should people use TENS to improve security?
- What's the difference between TENS, TENS-Public, TENS-Professional, and Bootable Media?
- What are typical use cases for TENS?
TENS is inherently more secure than most operating systems since it is designed to run from read-only media and has no persistent storage. Any malware that might infect a computer can only run within that session.
A user can improve security by rebooting between sessions, or when about to undertake a sensitive transaction. For example, boot TENS immediately before performing any online banking transactions. TENS should also be rebooted immediately after visiting any risky web sites, or when the user has reason to suspect malware might have been loaded. In any event, rebooting when idle is an effective strategy to ensure a clean computing session.
When using TENS on a USB flash drive, never use the TENS boot device as a data store. Use a separate flash drive for storing data. If your TENS boot stick is used as writeable storage, persistent malware could be loaded.
TENS is updated on a regular basis (at least quarterly). Update to the latest versions to have the latest protection.
TENS is the general description of the technology, and our master brand; it was previously called LPS. Within the TENS product line, we have several editions designed for specific purposes. When we refer to "TENS", we are talking about the general technology that is used within all the products. "TENS-Public" and "TENS-Professional" refer to specific products in our portfolio.
For a more detailed description of these products, see the TENS homepage. Other TENS editions have more specific use cases and audiences, not described here.
While we have designed the technology for specific purposes, we continue to be surprised and impressed by the ways our customers are using our technology. We intended TENS-Public to be a way to check out the capabilities of TENS by connecting to the public internet, including using a CAC-enabled web browser. TENS-Professional (originally called LPS-Remote Access) was designed to be given to the network support staff for an organization to allow remote use of their specific network. It can be customized to block access to the internet except if accessed from inside the corporate network, and can have additional applications loaded.
TENS is not intended to be a desktop replacement system. We have had users request custom builds containing a full range of corporate software. If the primary use case is to run a system containing all common office software, then the user should request a standard desktop build computer from their organization. TENS is a casual usage solution primarily designed for task-specific web applications. It is unlikely to be acceptable as a full-time solution, unless used as a remote node to connect to an existing remote desktop infrastructure within an organization.
Here are some of the more popular or creative methods we have seen for TENS:
- Casual telework without being issued (or without bringing home) a work computer (particularly a GFE computer); when used in this mode, we refer to the system as "virtual GFE"
- Emergency telework when the office is closed, such as during a snow emergency, contageous disease outbreak, or terrorist attack
- Users who haven't been given a computer (such as National Guard or Reserve users) but wish to access DoD websites from their home computer
- Conducting personal banking or other sensitive business when using an untrusted computer (public kiosk, hotel computer, even a potentially infected home computer)
- Visiting potentially dangerous web sites without permanently infecting or damaging a computer
- Users who want netbook-like functionality from an older computer not able to run the latest version of modern operating systems, or that have a crashed, infected or broken hard drive
- Use on a business trip where a GFE or company-issued laptop was not brought along or is otherwise unavailable for use
- Government users who want to use their home computer to access CAC-enabled web sites but do not (or cannot) install CAC middleware and other software on their own systems
- Government organizations who want their users to be able to access DoD websites from home, but do not want to issue them computers or provide support to them as they attempt to configure their home computers to work remotely
- As a backup system in case their GFE or company-issued laptop breaks while on a business trip, thus saving the organization from having to do remote diagnosis and repair; the user simply boots TENS to continue their work, and gets the laptop repaired when back in the office
- Why is TENS secure?
- Why should I trust TENS?
- How do I get help?
- Is TENS approved and certified for Government use?
- Can I use TENS with my Government laptop? Can it be used for non-emergency uses?
- Is TENS meant specifically for the Air Force, or was it designed to be used DoD-wide?
- Can anyone use TENS-Public?
- How can I trust your website or your images? Do you have a protected download site, or publish hashes for your ISO images?
- Do you collect any personal information? How do I know the Government isn't tracking me?
TENS allows you to use the network without relying on a potentially compromised operating system. TENS does not include drivers for accessing the local hard drive, so TENS is insulated from any malware locally present. TENS runs a modern Linux kernel with minimal services. In the remote event that TENS is compromised, either directly or by visiting a site that exploits the software, remediation is as simple as a reboot.
The TENS mission is to protect DoD intellectual property, in this case by securing the end node. TENS has been evaluated by the NSA and others, and is trusted to connect to the DoD Global Information Grid (GIG). TENS is domestically researched, developed, distributed, and supported. TENS was developed in accordance with the Three Tenets of Cyber Security, as developed by the ATSPI Technology Branch. TENS only includes the functionality it needs to serve its mission, and it does not mount a local hard drive. This keeps the attack surface small, while running the TENS session out of band from the operating system on the local hard drive.
Email us. Be sure to identify your product (i.e., TENS), edition (TENS-Public, TENS-Professional, etc), and version (e.g., 1.7.0).
Note that these links require CAC authentication.
TENS-Professional is certifed IAW AFI 33-210 for use to connect to the AF-GIG and has been placed on the Air Force Evaluated/Approved Product List (AF E/APL). We received the certification from HQ AFNIC/EVSN on 20 October 2009.
TENS was also approved as a continuity of operations (COOP) solution for the H1N1 pandemic by the DoD CIO in 2009. The memo is available online.
The AFNIC certification memo states that TENS is a "virtual GFE solution for secure remote access to accredited GIG resources." The DoD CIO memo cites existing telework policy and determines that TENS is "a secure alternative to GFE." Thus while TENS is operating (even on non-GFE), the TENS session is considered equivalent to GFE.
TENS received a Certificate of Networthiness from the US Army on 1 January 2011.
On 15 June 2011, AFNIC revised their certification memo to allow TENS-Professional (then LPS-Remote Access) to be used for general telework and travel use in addition to COOP and emergency scenarios. This certification applies to all custom builds of TENS, including DISA's Bootable Media product.
On 9 March 2012, the DISA DAA signed the ATO for Bootable Media, a variant of TENS-Professional. The ATO and DIACAP Scorecard are available. The full DIACAP package will be posted in the future, as well as ordering instructions. In January 2013, the DISN/GIG Flag Panel gave Bootable Media enterprise reciprocity, which allows any DoD organization to deploy the product.
In 2017, TENS began the RMF process. This continues at the time of writing.
TENS is mostly designed for people without a Government laptop. If you have a GFE laptop, you likely have all the communication software you need to reach your internal networks. But we do know of organizations using TENS as a "Plan B" in case of hardware failure of their devices. Note that some organizations restrict your ability to boot from CD, so this might impact your options as well.
We received a certification from AFNIC to allow Air Force users to add TENS-Professional to existing network enclaves for routine telecommuting. Each organization will have to work with their networking people to make this happen. We have received a full DIACAP Certification and Accreditation for Bootable Media to be used for unrestricted telecommuting.
TENS-Public is not limited to the Air Force or the DoD; it is freely available for anyone to use. TENS includes functions that may be more applicable to DoD users, but it is also being used by civilian government agencies and the defense industrial base.
TENS-Professional is meant for US Federal Government users to connect to internal networks. As a Department-of-Defense-funded project, we cannot provide the software to other Federal government agencies for free; we charge $25K for a one-time customization, and $10K for annual support. We are investigating how to provide the software to state and local government organizations and public sector entities, but do not yet have a process for these organizations.
TENS-Public can be used by anyone. While we did not create TENS with the public in mind, we realize that many people can benefit from its features. It is not a general purpose Linux distribution or LiveCD; there are many others that serve that purpose. We have released it for the public good; if you have a use for it and find value in it, by all means use it. If it doesn't fit your needs, choose another product.
How can I trust your website or your images? Do you have a protected download site, or publish hashes for your ISO images?
Our website has a .mil address and has a trusted certificate. We have put MD5 and SHA-256 hashes for our images into a document signed with a valid digital signature of project staff. Users trusting DoD Certificate Authorities should be able to validate this signature. If there is any doubt of the provenance, send us a message.
We do not collect any personal information. Nothing is uploaded to government computers. If you are concerned about using something that originates with the Federal government, keep in mind that we aren't making you use the product.