Sponsors (3)
The bill improves security, privacy, and congressional oversight of SSA systems through an independent audit and mandated remediation, but it creates potential additional costs, information-release risks, and tight deadlines that may strain agencies and lead to rushed or incomplete fixes.
Taxpayers and Social Security beneficiaries will receive an independent GAO audit that identifies security vulnerabilities in SSA systems and requires remediation within 90 days, reducing risk of fraud, theft, and service disruptions.
Taxpayers and Social Security beneficiaries gain stronger privacy protections because the audit can reveal violations of federal privacy laws and prompt corrective actions to protect personal data.
Taxpayers benefit from improved congressional oversight because Congress receives a formal GAO report with findings and recommendations within one year, enabling legislative or funding responses to address systemic problems.
Taxpayers and SSA operations may face higher costs because remediating identified vulnerabilities could require additional SSA spending or reallocation of resources.
Federal employees and beneficiaries may experience rushed or incomplete reviews and fixes because tight deadlines (60‑day start, 1‑year report, 90‑day remediation) could strain GAO and SSA resources.
Taxpayers and state governments risk confusion or reduced accountability because the audit and reporting process could expose sensitive system details or leave reporting requirements and recipients unclear.
Based on analysis of 2 sections of legislative text.
Requires a GAO audit of SSA systems accessed by the U.S. DOGE Service and related actors to find security/privacy violations and requires SSA to remediate and report.
Introduced June 4, 2025 by Sheldon Whitehouse · Last progress June 4, 2025
Requires the Comptroller General to audit Social Security Administration computer systems and networks that were accessed by the U.S. DOGE Service, related temporary organizations, employees, volunteers, or agency DOGE teams to find security vulnerabilities and determine whether federal privacy or security laws were violated. The audit must begin within 60 days of enactment and the GAO must deliver a report with findings and recommendations within one year. After receiving the audit, the Social Security Administration Commissioner must fix identified vulnerabilities or software bugs and file a status report with the specified congressional committees and the Comptroller General within 90 days of receiving the audit report. The text does not provide funding or additional enforcement beyond the required reports and remediation timeline.