https://fcw.com/articles/2019/12/12/cisa-bill-new-authority-johnson.aspx
The Cybersecurity Vulnerability Identification and Notification Act of
2019 would allow CISA to subpoena subscriber information for enterprise
devices or systems [...]
Subpoenas would be issued when the director of CISA identifies internet
connected systems with specific vulnerabilities, is unable to identify the
entity at risk and "has reason to believe" it relates to critical
infrastructure. The Senate bill, which was obtained by FCW, adds a
provision not included in the original DHS proposal specifying that the
authority cannot not be used for information relating to "personal devices
and systems, such as consumer mobile devices, home computers, residential
wireless routers, or residential Internet enabled consumer devices."
[...]