USA(Kansas)
WDDS-0114

RFP Description

The vendor is required to provide professional investigative, laboratory and criminal justice information services to the agencies for the purpose of promoting public safety and preventing crime in the state.
a. Website functionality requirements
- User interface (UI), user experience (UX) design and governance:
• The homepage design must clearly communicate agency value proposition and key messages/functions as well as offer flexibility for user navigation to agency-hosted databases.
• Internal pages should be well-organized and easy to navigate, with clear calls to action.
• The website must be optimized for search engines (SEO) to improve organic search rankings.
• Ideal vendor must be prepared to take steps to improve agency SEO to increase website digital visibility on search platforms.
• The website must be accessible to all users, including those with disabilities, adhering to the Rehabilitation Act and ADA guidelines.
• The website must be fully responsive and provide an optimal user experience across all devices (desktops, tablets, and mobile phones).
• The website must be capable of remaining stable during periods of high traffic during a crisis or in heightened public interest incidents.
• State has policies that state agencies are required to abide by.
• During this project the vendor is expected to abide by those policies as well as any pertinent federal policies or laws, throughout the life of the contract.
- Content management system (CMS) requirements:
• The CMS must be user-friendly and intuitive for content editors with limited technical expertise.
• The CMS must support role assignments and/or permission levels for agency content editors. A minimum of two levels is required: administrators and content editors.
• The CMS must support a start to finish content publishing workflow per role assignments and/or permission levels.
• The CMS must support approvals and version control capabilities.
• The CMS must be able to interact with agency internal-hosted web applications and microsites.
• An open-source, non-proprietary CMS is preferred, to limit agency dependence on the vendor in the event that hosting services are discontinued.
• The vendor must provide a point of contact who is reachable during agency standard business hours to liaise, manage vendor activities, and provide instruction on the CMS.
- Back-end development:
• The website's database must be well-structured and optimized for performance and scalability. Vendor shall work with agency IT department to ensure hosted site is compliant with internal web policies.
• The website must be secure and protected against potential threats (e.g., hacking, data breaches). Vendor must have a demonstrable record of minimal to no threats, as well as an action plan for handling threats.
• Integration with third-party APIs (if applicable) must be seamless and reliable (e.g., social media live feed, agency email marketing feed).
- Security requirements
1. CMS user account requirements:
• The information system automatically disables temporary and emergency accounts after a defined time period.
NIST 800-53 AC-2(2)
• The information system automatically disables inactive accounts after 60 days.
NIST 800-53 AC-2(3)
• The information system automatically audits account creation, modification, enabling, disabling, and removal actions, and notifies agency-defined personnel or roles.
NIST 800-53 AC-2(4)
• The information system supports the enforcement of industry standard role-based and attribute-based authorizations for logical access to information system resources.
NIST 800-53 AC-3
• The information system audits/logs the execution of privileged functions.
NIST 800-53 AC-6(9)
• The information system prevents non-privileged users from executing privileged functions, including disabling, circumventing, or altering implemented security safeguards/countermeasures.
NIST 800-53 AC-6(10)
• The information system enforces a configurable limit of 5 consecutive invalid login attempts by a user, and automatically locks the user account for at least 30 minutes (configurable) or until released by an administrator.
NIST 800-53 AC-7 / Information Technology Executive Council (ITEC) 7230A / policy
• The information system displays an agency-definable system use notification message/banner to users, and requires users to acknowledge the message/banner before granting access to the system.
NIST 800-53 AC-8 / ITEC 7230A / policy
• The information system operating system prevents further access to the system by initiating a session lock after 10 minutes (configurable) of inactivity, or upon receiving a request from a user, and retains the session lock until the user reestablishes access using established identification and authentication procedures.
NIST 800-53 AC-11 / agency policy 44
• The information system automatically terminates a user session after 30 minutes (configurable) of inactivity.
NIST 800-53 AC-12 / ITEC 7230A / policy
• The information system, for password-based authentication, stores and transmits only encrypted representations of passwords.
NIST 800-53 IA-5(1)
• The information system, for password-based authentication, allows the use of a temporary password for system logons with an immediate change to a permanent password.
NIST 800-53 IA-5(1)
• The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals (e.g., displaying asterisks when users type passwords).
NIST 800-53 IA-6
• The information system implements encrypted mechanisms for authentication (e.g., the use of cleartext protocols for authentication such as Telnet, remote shell (rsh), rexec, rlogin, or HTTP would be non-compliant).
NIST 800-53 IA-7
• The information system separates user functionality (including user interface services) from information system management functionality.
NIST 800-53 SC-2
• The information system prevents unauthorized and unintended information transfer via shared system resources (e.g., preventing object reuse).
NIST 800-53 SC-4
• The information system terminates the network connection associated with a communications session at the end of the session or after 30 minutes (configurable) of inactivity.
NIST 800-53 SC-10
• The information system supports protecting the authenticity of communications sessions (e.g., sessions in service-oriented architectures providing web-based services).
NIST 800-53 SC-23
• The information system supports the installation, automatic updates, and continuous use of agency-provided third-party malicious code protection software (e.g., McAfee Endpoint Security suite).
NIST 800-53 SI-3(2) / ITEC 7230A / policy
• The information system supports the installation, automatic updates, and continuous use of agency-provided third-party log collection software (e.g., Tenable Log Correlation Engine client), or supports the ability to send log data to a centralized logging server (e.g., via syslog).
ITEC 7230A
• The information system supports checking the validity of information inputs (e.g., input validation for length, numerical range, invalid characters, etc.).
NIST 800-53 SI-10
• The information system generates error messages that provide information necessary for corrective actions without revealing protected information (e.g., do not display sensitive information, PII, source code, SQL strings, variable names/types, etc.).
NIST 800-53 SI-11
• The information system only displays generic, user-friendly errors to users. Detailed and descriptive error messages are only revealed to agency-defined administrative personnel.
NIST 800-53 SI-11
• The information system implements safeguards to protect its memory from unauthorized code execution (e.g., data execution prevention).
NIST 800-53 SI-16
• Information system service accounts must only be utilized for a single task or service (e.g., a single service account per task/service).
ITEC 7230A
2. Data protection and backup
• Must define data backup, rollback, and disaster recovery plans.
3. Availability and response time
• Standard website response time shall be under 1 second.
• Splash page shall be displayed to user when system is unavailable.
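The account controls above (AC-2(2), AC-2(3), AC-2(4), AC-7, IA-5(1) and SI-11) are stated as outcomes. The following Python model is an illustration added for this page, not the RFP's or any vendor's code, showing how those controls fit together in one enforcement path: temporary accounts expire, inactive accounts are disabled after 60 days, every lifecycle and lockout event is audited, five consecutive failures lock the account for 30 minutes unless an administrator releases it earlier, only a salted PBKDF2 hash of the password is stored, and callers only ever see a generic denial. The thresholds default to the numbers in the requirement text; the one-day temporary-account lifetime, the PBKDF2 parameters, and the usernames and times in `demo()` are constructed assumptions.

```python
# Added illustration (not the RFP's or any vendor's code): a minimal CMS
# account-policy model for the AC-2, AC-7, IA-5(1) and SI-11 style requirements.
from __future__ import annotations

import hashlib
import hmac
import os
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Policy:
    """Configurable limits; defaults mirror the requirement text."""
    max_failed_attempts: int = 5                          # AC-7: 5 consecutive invalid attempts
    lockout_duration: timedelta = timedelta(minutes=30)   # AC-7: locked at least 30 minutes
    inactivity_limit: timedelta = timedelta(days=60)      # AC-2(3): disable after 60 days idle
    temp_account_lifetime: timedelta = timedelta(days=1)  # AC-2(2): assumed one-day period


@dataclass
class Account:
    username: str
    role: str
    salt: bytes
    pw_hash: bytes
    created_at: datetime
    temporary: bool = False
    last_login: datetime | None = None
    failed_attempts: int = 0
    locked_until: datetime | None = None
    enabled: bool = True


def _hash_password(password: str, salt: bytes) -> bytes:
    # IA-5(1): only a salted, iterated hash of the password is ever stored (assumed parameters).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class AccountStore:
    GENERIC_DENIAL = "Login failed."   # SI-11: users see only this; detail goes to the audit log

    def __init__(self, policy: Policy | None = None) -> None:
        self.policy = policy or Policy()
        self.accounts: dict[str, Account] = {}
        self.audit: list[dict] = []    # AC-2(4): account lifecycle and lockout events

    def _audit(self, action: str, username: str, actor: str, now: datetime, detail: str = "") -> None:
        self.audit.append({"time": now.isoformat(), "action": action,
                           "account": username, "actor": actor, "detail": detail})

    def create(self, username: str, password: str, actor: str, now: datetime,
               role: str = "editor", temporary: bool = False) -> None:
        salt = os.urandom(16)
        self.accounts[username] = Account(username, role, salt, _hash_password(password, salt),
                                          created_at=now, temporary=temporary)
        self._audit("create", username, actor, now, f"role={role} temporary={temporary}")

    def authenticate(self, username: str, password: str, now: datetime) -> tuple[bool, str]:
        acct = self.accounts.get(username)
        if acct is None or not acct.enabled:
            return False, self.GENERIC_DENIAL
        if acct.locked_until is not None:
            if now < acct.locked_until:
                return False, self.GENERIC_DENIAL   # still locked, even with the right password
            acct.locked_until, acct.failed_attempts = None, 0   # lock period has elapsed
        if hmac.compare_digest(_hash_password(password, acct.salt), acct.pw_hash):
            acct.failed_attempts = 0
            acct.last_login = now
            return True, "ok"
        acct.failed_attempts += 1
        if acct.failed_attempts >= self.policy.max_failed_attempts:
            acct.locked_until = now + self.policy.lockout_duration
            self._audit("lock", username, "system", now, f"{acct.failed_attempts} consecutive failures")
        return False, self.GENERIC_DENIAL

    def admin_unlock(self, username: str, actor: str, now: datetime) -> None:
        # AC-7: an administrator may release the lock before the lockout period elapses.
        acct = self.accounts[username]
        acct.locked_until, acct.failed_attempts = None, 0
        self._audit("unlock", username, actor, now)

    def sweep(self, now: datetime, actor: str = "system") -> list[str]:
        """Disable expired temporary accounts (AC-2(2)) and inactive accounts (AC-2(3))."""
        disabled = []
        for acct in self.accounts.values():
            if not acct.enabled:
                continue
            last_activity = acct.last_login or acct.created_at
            if acct.temporary and now - acct.created_at >= self.policy.temp_account_lifetime:
                reason = "temporary account expired"
            elif now - last_activity >= self.policy.inactivity_limit:
                reason = "inactive"
            else:
                continue
            acct.enabled = False
            disabled.append(acct.username)
            self._audit("disable", acct.username, actor, now, reason)
        return disabled


def demo() -> dict:
    """Constructed walkthrough of lockout, lock expiry and the periodic sweep."""
    t0 = datetime(2025, 5, 1, 9, 0)
    store = AccountStore(Policy())
    store.create("editor1", "correct horse", actor="admin", now=t0)
    store.create("tmp-contractor", "pw", actor="admin", now=t0, temporary=True)
    failures = [store.authenticate("editor1", "wrong", t0 + timedelta(seconds=i))[0] for i in range(5)]
    while_locked = store.authenticate("editor1", "correct horse", t0 + timedelta(minutes=10))[0]
    after_lockout = store.authenticate("editor1", "correct horse", t0 + timedelta(minutes=31))[0]
    return {
        "failures_rejected": not any(failures),
        "locked_rejects_correct_password": not while_locked,
        "login_ok_after_lockout": after_lockout,
        "disabled_after_2_days": store.sweep(t0 + timedelta(days=2)),
        "disabled_after_61_days": store.sweep(t0 + timedelta(days=61)),
        "audit_actions": [e["action"] for e in store.audit],
    }


if __name__ == "__main__":
    print(demo())
```

Times are passed in explicitly rather than read from the system clock so the lockout and inactivity behaviour can be exercised deterministically; a deployment would call `sweep()` from a scheduled job and feed `audit` to the centralized log collector the requirements call for.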
- Discovery and planning:
• The discovery phase must involve stakeholder interviews and competitive analysis to gather requirements and understand user needs.
• User research and persona development must inform design decisions and ensure the website meets the needs of the target audience.
• A detailed project scope and timeline must be developed based on the findings of the discovery phase.
• It is preferred if the vendor utilizes card sorting and tree testing techniques.
- Design and prototyping:
• Wireframes and interactive prototypes must be created to visualize the website's structure and user flow.
• A comprehensive visual adherence to established branding is expected to ensure brand consistency across the website.
• Agency will be responsible for providing all branding material to vendor.
• Stakeholder user testing shall be conducted throughout the design process to gather feedback on the design and functionality.
- Development and implementation:
• Front-end development must adhere to best practices and industry standards for HTML, CSS, and JavaScript.
• Back-end development must focus on robust and scalable solutions, ensuring seamless integration with the chosen CMS.
• Vendor is responsible for quality assurance throughout the development process.
- Launch and deployment:
• A staging environment shall be expected for testing and final preparations before the live launch. Vendor must control final migration to production.
• A comprehensive launch plan shall be developed to minimize disruption and ensure a smooth transition.
• Go-live support must be provided to address any immediate issues that may arise after the launch.
- Post-launch support and maintenance:
• Ongoing maintenance and support must be provided to ensure the website's stability and performance.
• Maintenance shall include comprehensive monitoring of website back-end for updates.
• Training shall be provided to agency CMS users and administrative staff.
• Training shall cover:
o Introduction to vendor CMS functionality,
o Template usage,
o Management of role assignments and permission settings,
o Administrative support
• Vendor must ensure analytics feature is integrated and ensure agency staff has monitoring ability.
- Contract Period/Term: 2 years
- Questions/Inquiries Deadline: April 24, 2025

Timeline

RFP Posted Date: Friday, 11 Apr, 2025
Proposal Meeting/Conference Date: NA
Deadline for Questions/Inquiries: Thursday, 24 Apr, 2025
Proposal Due Date: Thursday, 22 May, 2025
Authority: Government
Acceptable: Only for USA Organization
Work of Performance: Onsite
