CISA Cyber Exercise Act This bill establishes the National Cyber Exercise Program to evaluate the National Cyber Incident Response Plan and related plans and strategies. (The National Cyber Incident Response Plan outlines the roles and responsibilities, capabilities, and coordinating structures that support how the United States responds to and recovers from significant cyber incidents posing risks to critical infrastructure.) Based on current risk assessments, the exercise program shall be designed to (1) simulate partial or complete incapacitation of a government or critical infrastructure network resulting from a cyber incident, (2) provide for the systematic evaluation of cyber readiness and enhance operational understanding of the cyber incident response system and relevant information sharing agreements, and (3) develop after-action reports and plans that can incorporate lessons learned into future operations.