RFI: Kansas Bureau of Investigation NetRMS Replacement

Statement of Need

The Kansas Bureau of Investigation (KBI) is in need of a replacement front-end application for the internal management of records in the state Computerized Criminal History (CCH) repository. The goal of this project will be to port/replace the existing/legacy classic ASP/active paper application with a modern browser-based application, with no modifications to the back-end systems, repositories, or other dependent systems. Some limited modification of existing functionality may be required.


The KBI has been utilizing the current management application (“NetRMS”) since approximately 2002. It is built utilizing classic ASP and incorporates Motorola ActivePaper templates (written in VB 6), a longdefunct technology. Source code for these templates is available. Support and maintenance of this application is difficult. This application interacts directly with the state CCH and related data systems. There are several antiquated modules or sub-systems within this application that can be deprecated, streamlined, or otherwise modified to be brought into line with current architecture and security standards at KBI.


Respondents should have a proven track record of working with legacy system conversions. Respondents should be able to provide solid references for working with government agencies on similar types of projects, preferably in the public safety and criminal justice arena. Respondents should have staff with experience in the listed technologies in this RFI. Staff should have the ability to pass a fingerprint record check.

Information Requested
KBI is seeking:

1. A high-level estimate of cost

2. An estimated duration of effort for this project.

Project Criteria

 The following criteria are known for the project. Additional discovery may be required.

1. The application will be a web application, requiring the use of current standards such as HTML5 and CSS3. It will require compatibility with Microsoft Edge and Google Chrome browsers with current and ongoing security updates.

2. The application may require the use of multifactor authentication, to be determined in discussion with the business unit. If so, it will need to utilize standard authentication and authorization protocols which conform to FICAM profiles (per NIST 800-53 IA-8(4)). This could include such standards as SAML 2.0 or OpenID 2.0. MFA would be handled by an external Identity Provider.

3. There is a strong preference for Microsoft-based technologies for any database systems implemented (if deemed necessary). Non-MS T-SQL solutions such as PostGres will be considered. Oracle is not acceptable.

4. Platforming for any application services should be Microsoft OS-based and MS-IIS; consideration for other standards such as supported Linux distributions and associated web server technologies will be considered.

5. Applications shall be written utilizing .NET 5 or newer.

6. All but the presentation layer should be built within the API. The expectation is that as much as possible, application logic would be ported as it currently exists.

Time for Response

KBI requires a response to this RFI no later than close of business on Friday, 29 April 2022.