Requires the Department of Homeland Security, acting through CISA, to inspect and assess foreign-made, internet-connected port cranes for cybersecurity risks and to remove any crane judged unsafe until it is certified safe. It bars use at U.S. ports of covered foreign-made cranes bought under contracts entered into on or after enactment, restricts use of specified foreign software on covered cranes (with a five-year phase-out for existing cranes), and requires briefings to Congress on the risks and findings.