They have not endorsed CISA. What the letter they (along with Microsoft) signed called for is legislation to allow sharing information about security threats, not personal information. It just happens that the only bill that does that at the moment is CISA, which unfortunately also has clauses about sharing personal information with the government.