CISA used a new subpoena power for the first time last week, to contact at least one internet service provider with customers whose software it had identified as vulnerable to a specific cyber exploit. Congress granted this authority in January, following ongoing requests from the agency. CISA can now subpoena ISPs to obtain a list of its vulnerable customers and notify them directly rather than relying on third party communication.
Source:
