The legislation would require CISA to develop a new cybersecurity framework for agencies and critical infrastructure owners and operators.