XCT Reconstruction Software

This government Request for Quotation (RFQ) by the National Institute of Standards and Technology (NIST) seeks X-ray computed tomography (XCT) reconstruction software. The software will support nondestructive defect detection metrology (NDDM) for semiconductor advanced packaging, enabling reconstruction of data from various scanning trajectories and algorithms. Key requirements include compatibility with Windows 11 and NVIDIA RTX A6000, support for multiple beam types and trajectories (including cone, parallel, circular, and helical), and features for preprocessing, geometry/drift correction, and image artifact correction. The software must offer filtered backprojection and iterative reconstruction algorithms, a graphical user interface (GUI) with documentation, and data import/export capabilities in standard formats. Licensing must be perpetual, ideally managed via a USB dongle or node-locked. Evaluation criteria prioritize technical capability and demonstrated experience over price, with higher confidence given to solutions supporting Linux/Mac, phase retrieval, filter options, both algebraic and statistical iterative techniques, a GUI for parameter adjustment, a Python API, and direct import of native XCT instrument formats. Cybersecurity and privacy requirements, including compliance with FISMA and encryption standards, are also critical.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued instructions for a Secure Software Development Attestation Form (OMB Control #: 1670-0052, Expiration Date: 03/31/2027). This form, mandated by Executive Order 14028 and OMB Memoranda M-22-18 and M-23-16, aims to ensure software used by federal agencies is developed securely. Software producers must attest to meeting specific secure software development practices, largely derived from NIST's Secure Software Development Framework (SSDF). The attestation is required for software developed or significantly modified after September 14, 2022, or those with continuous changes, but excludes federal agency-developed, freely obtained open-source, third-party components, and publicly available free software. The form requires detailed software and producer information, signed by a CEO or authorized designee, or can be substituted by a certified third-party assessment. Failure to attest may result in agencies ceasing software use, and providing false information can lead to criminal charges. Agencies can grant extensions or waivers if attestation is not possible, provided a mitigation plan is submitted.