Bona Fide Conglomerate Inc.


Navigating Complex Regulations: Simplifying Compliance with Our IT and Cybersecurity Services

The AbilityOne program is a unique way for federal agencies to give jobs to people with disabilities, including veterans. By hiring contractors that work within the program, contracts can be fulfilled by teams of which 75% are significantly impaired in some way. While some might worry this is a recipe for subpar results, contractors like Bona Fide have consistently delivered award-winning services. Working alongside the General Services Administration (GSA), the AbilityOne program helps agencies meet their goals while giving back to the community.

But these contracts come with tough rules, especially for IT and cybersecurity. How can a Total Facility Maintenance (TFM) company like Bona Fide Conglomerate employ people with disabilities and still deliver on tough requirements? As you will see, our IT and cybersecurity services follow all the rules and get the job done right, regardless of the labels others might place on our teams. Here’s why Bona Fide is the best choice for your facility management, even for IT and cybersecurity.

The Challenge of GSA Rules

There’s no doubt GSA contracts have strict regulations. The federal government wants the best available services money can buy, and that’s especially true when it comes to keeping data safe and systems secure. Rules like NIST 800-171, the Cybersecurity Maturity Model Certification (CMMC), the Federal Information Security Management Act (FISMA), and DFARS all set high standards to protect people’s data. These rules can be confusing, making it hard for agencies to stay compliant. Contracting officers need a vendor they can trust to follow these rules perfectly. If the vendor doesn’t, the agency could face fines, lose contracts, or have data stolen. At Bona Fide, we understand these challenges and have the experience to avoid compliance issues.

A Trusted AbilityOne Partner

Bona Fide Conglomerate, Inc. is proud to be part of the AbilityOne program. As a 501(c)(3) non-profit, we hire talented veterans and other people with disabilities to deliver IT and cybersecurity services. Our teams are trained to meet the GSA’s high standards while supporting the program’s mission to create jobs for those who need them most. We have the certifications, like those for IT security and project management, that prove we’re ready. We have the awards that demonstrate our results. But most importantly, our 20+ years of experience with GSA and AbilityOne projects give us the flexibility to adjust to the needs of unique facilities. By choosing Bona Fide, you support a great cause and get a proven and reliable partner.

Making Compliance Easy

We have designed IT and cybersecurity services specifically for GSA contracts.

Secure IT Systems: We design and manage computer networks that keep data safe and meet GSA rules like NIST 800-171.
Cybersecurity Protection: We use tools for data encryption, firewalls, and threat detection to stop hackers and protect your information.
Compliance Support: We review systems for issues, fix them ASAP, and prepare for audits to keep you compliant with CMMC and FISMA.
Ongoing Help: We monitor systems 24/7 and provide training so your agency stays secure and ready.

Our services work for any contract size, from small offices to large agencies. And again, by following AbilityOne guidelines, we ensure our team of dedicated employees comes from underserved communities while delivering quality work.

Bona Fide Conglomerate In Action

What do our services look like from a practical perspective? Here are two hypothetical, but common, scenarios we face:

Scenario 1: Stopping a Cyberattack

Let’s imagine one of our partners is hit by a cyberattack. Hackers try to steal sensitive data and threaten operations. Our team, some with military training, acts fast. We use advanced tools to spot the attack, blocking it within minutes. We then begin fixing the system and preparing detailed reports to meet FISMA reporting rules. Following the attack, we train agency staff to limit the risk of future attacks. The agency stays safe, avoids penalties, and passes its next audit easily.

Here is a more detailed breakdown of our response plan:

Step 1: Detect the Attack (Within Minutes)

What We Do: Our cybersecurity team is constantly monitoring the agency’s systems using tools like intrusion detection systems (IDS) and security information and event management (SIEM) software. These tools alert us the moment they detect suspicious activity, like unauthorized access attempts.
How It Works: If hackers try to steal data by exploiting some system weakness, our tools will flag unusual logins or data transfers. Our staff, trained in cyber monitoring, quickly reviews the alerts to confirm the attack.
Why It Matters: Fast detection stops an attack in its tracks, often before it causes any damage, keeping the agency’s data and systems safe.

Step 2: Contain the Threat (Within Hours)

What We Do: If an attack has been confirmed, we isolate the affected systems to stop the hack from spreading further. This might mean temporarily disconnecting a server, blocking malicious IP addresses, or briefly limiting user access.
How It Works: In these scenarios, our team blocks the attacker’s access by updating firewall rules and disabling compromised accounts. Our Wounded Warriors, with experience in high-pressure situations, lead the effort to act swiftly and calmly.
Why It Matters: Containing the threat quickly prevents data loss and keeps the agency’s operations running, reducing the risk that the intrusion escalates into ransomware or another malicious outcome.

Step 3: Eradicate the Attack (Same Day)

What We Do: We identify and remove any of the hackers’ tools, like malware or backdoors, from the agency’s systems. Our team scans every part of the network to find and delete any harmful files or code.
How It Works: Using antivirus software and manual checks, we clean the system thoroughly. For example, if the attackers installed malware to steal data, our technicians identify and scrub it, ensuring no traces remain.
Why It Matters: Fully eliminating the threat protects the agency from future attacks.

Step 4: Fully Recover and Restore Systems (Within 1-2 Days)

What We Do: We fully restore the agency’s systems to normal by fixing any damage and bringing any affected operations back online. This includes restoring data from secure backups and testing systems to ensure they’re safe.
How It Works: In these scenarios, we use encrypted backups to recover any lost files and rebuild the affected systems. Our team checks that everything works correctly, from email to databases, before giving the all-clear.
Why It Matters: Quick recovery minimizes downtime, keeping the agency’s contract on track and prioritizing mission success.

Step 5: Report to Meet FISMA Rules (Within 24 Hours)

What We Do: We fully document the attack and our response in detailed reports to comply with FISMA reporting requirements. These reports explain what happened, how we stopped it, and the steps taken to prevent the issue from happening again.
How It Works: Our team prepares clear, organized reports that include timelines, technical details, and evidence of compliance. We submit them to the agency for review and federal reporting, ensuring all deadlines are met.
Why It Matters: Proper reporting avoids penalties and compliance concerns.

Step 6: Train Agency Staff (Within 1 Week)

What We Do: Depending on the nature of the breach, we train the agency’s employees to recognize and prevent future attacks. This includes teaching them about social engineering, strong passwords, and safe internet practices. As attacks constantly evolve, so do our training reviews.
How It Works: Our teams create training sessions tailored to the agency’s needs. For example, we might run a workshop on spotting fake emails that hackers use to steal data.
Why It Matters: Training strengthens the agency’s defenses, reduces future risks, and safeguards long-term security.

Step 7: Monitor and Improve (Ongoing)

What We Do: After any attempted or successful attack, we continue to watch the agency’s systems for any new versions of the threat. We also review the method of the attack to improve our processes and update security measures.
How It Works: We install updated software patches, enhance firewalls, and monitor for suspicious activity. Our team meets regularly to discuss lessons learned and share them with the agency.
Why It Matters: Ongoing monitoring and improvements ensure the agency stays secure and compliant.

Scenario 2: Setting Up a New IT System

Suppose your contract needs a new IT system for agency offices in 3 different cities. The system must have secure data sharing and be easy to use. We design a cloud-based solution that follows NIST 800-171 rules. Our team sets it up, tests everything, and trains the agency employees to manage it. We provide ongoing support to keep it running smoothly with no downtime. And the agency gets a system that’s affordable and can grow as its needs change.

Here’s how we would meet the technical and budget needs.

Step 1: Understand Agency Needs (1-2 Weeks)

What We Do: We meet with the agency to learn about their goals, catalog the current systems, and note the specific needs for the new IT system. We consider data sharing requirements, user roles, and budget limits.
How It Works: Our project managers hold video calls or in-person meetings with agency staff in all three cities. We create a checklist of needs, such as secure file sharing, email access, and remote work support, while ensuring the system will follow NIST 800-171 rules for protecting sensitive data.
Why It Matters: Understanding the agency’s needs ensures we build a system that works for them, and helps us plan for success.

Step 2: Design a Cloud-Based Solution (2-3 Weeks)

What We Do: We create a plan for a cloud-based IT system that meets NIST 800-171 requirements, such as encryption and access controls. We choose a secure cloud platform, like Microsoft Azure or Amazon Web Services, that fits the agency’s needs and budget.
How It Works: Our IT architects design a system with features like encrypted data storage, multi-factor authentication, and user-friendly dashboards. We ensure the system allows secure data sharing across all three cities while keeping unauthorized users out. We also plan for scalability, so the system can grow if the agency adds more users or offices.
Why It Matters: A well-designed system ensures security and usability, proving to GSA officers we can deliver compliant, practical solutions.

Step 3: Set Up the System (4-6 Weeks)

What We Do: We build the system by installing software, configuring servers, and connecting all three offices. Our team follows NIST 800-171 guidelines to secure every part of the cloud system.
How It Works: Our technicians set up virtual servers, install security tools like firewalls, and link the offices through a secure network. For example, we configure shared folders so staff in different cities can access files safely. Veterans on our team oversee the process to ensure every step meets high standards.
Why It Matters: A smooth setup keeps the project on schedule and within budget.

Step 4: Test Every Component (2-3 Weeks)

What We Do: We test the system to make sure it works perfectly and meets NIST 800-171 rules. We check for security weaknesses, user access issues, and performance problems.
How It Works: Our team runs tests like simulated cyberattacks to confirm the system is protected. We also test data sharing between cities to ensure files transfer quickly and securely. We ensure that employees can log in easily and use tools like email or document sharing without trouble. We fix any issues before going live.
Why It Matters: Thorough testing prevents problems after launch, delivering dependable systems.

Step 5: Train Agency Workers (1-2 Weeks)

What We Do: We train agency staff in all three cities to use the new system confidently. We teach them how to share data securely, access tools, and follow NIST 800-171 rules.
How It Works: Our veteran trainers lead in-person or virtual training sessions tailored to each office’s needs. For example, we may show staff how to use encrypted email or reset their passwords safely. We provide simple guides for reference.
Why It Matters: Training ensures the agency can use the system effectively to support long-term success.

Step 6: Launch the System (1 Day)

What We Do: We officially roll out the system, moving all three offices to the new cloud platform. We monitor the launch closely to fix any last-minute issues.
How It Works: We coordinate with agency staff to switch to the new system during a planned window, like a weekend, to avoid disruptions. We check that all data has transferred correctly and that users can access the system. Our techs ensure a smooth transition with clear communication.
Why It Matters: A flawless launch keeps operations running while minimizing risks during these critical changes.

Step 7: Ongoing Support (Contract Specific)

What We Do: Depending on the contract, we offer 24/7 support to keep the systems running. We monitor for threats, apply updates, and help with user questions.
How It Works: Our support team uses specialized tools to monitor systems for issues, like slow performance or security alerts. We install software patches to stay compliant with NIST 800-171. If a user has trouble, they can call our helpdesk for quick answers. We also provide regular reports to the agency on system health.
Why It Matters: Ongoing support ensures reliability and compliance.

Why You Can Trust Bona Fide Conglomerate

We’ve worked extensively with the GSA and the AbilityOne program, so we know how to succeed. Our teams are highly trained in IT and cybersecurity, with the certifications to prove it. We use strict processes to check our work, catch mistakes, and stay compliant. We also work hard to save you money while meeting GSA’s high standards. By choosing Bona Fide, you get a vendor who supports AbilityOne’s mission and delivers top-quality services. Our track record shows we’re a partner you can rely on for any GSA contract.

Beyond compliance and quality, our team’s diversity, including Wounded Warriors and people with disabilities, brings unique perspectives to the work environment. And committing to an AbilityOne partnership means supporting a worthy cause and giving back to the community.

Picking the right vendor for a contract can be tough, but at Bona Fide, we make it simple. We deliver high-quality IT and cybersecurity services that meet strict regulations and get the job done right. Our skilled teams, including veterans and people with disabilities, are ready to handle your contract. With our proven skills, clear processes, and real-world solutions, you can trust us to make your RFP a success. CONTACT US today to talk about your needs and see how we can help your agency shine!