Comptroller General study

(a)

In general

Not later than 60 days after the date of enactment of this Act, the Comptroller General of the United States shall commence a comprehensive audit of the Social Security Administration computer systems and networks accessed by the United States DOGE Service, the U.S. DOGE Service Temporary Organization, or any employees or volunteers affiliated with those agencies, or, if applicable, associated agency DOGE teams, to identify security vulnerabilities or bugs in software installed, created, or modified by such individuals or entities, and whether such individuals or entities violated Federal privacy laws, including section 552a of title 5, United States Code (commonly referred to as the Privacy Act of 1974), section 6103 of the Internal Revenue Code, subchapter II of chapter 35 of title 44, United States Code (commonly referred to as the Federal Information Security Management Act), or section 1106 of the Social Security Act (42 U.S.C. 1306). (b)

Audit report

Not later than 1 year after the date of enactment of this Act, the Comptroller General shall submit to the Committee on Finance of the Senate, the Committee on Ways and Means of the House of Representatives, and the Commissioner of the Social Security Administration a report or reports describing the results of the comprehensive systems audits performed under subsection (a), including recommendations for legislation and administrative action as the Comptroller General determines appropriate. (c)

Agency action

Not later than 90 days after receipt of an audit report by the Commissioner of the Social Security Administration under subsection (b), the Commissioner shall— (1) fix any vulnerabilities or bugs identified in the report; and (2) submit to the Committee on Finance of the Senate and the Committee on Ways and Means of the House of Representatives a report on the status of those vulnerabilities or bugs.