Lawmakers claim the bill is the widest expansion of CISA through legislation since the SolarWinds incident. Among other features, the NDAA authorizes CISA‘s program to monitor IT and OT networks of critical infrastructure partners; and codifies a program providing businesses and state and local governments with model exercises to test their critical infrastructure.