[Congressional Bills 118th Congress]
[From the U.S. Government Publishing Office]
[H.R. 8240 Introduced in House (IH)]

<DOC>






118th CONGRESS
  2d Session
                                H. R. 8240

To require a GAO audit of the information technology infrastructure of 
the Securities and Exchange Commission and the Commission's handling of 
                                 data.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              May 2, 2024

Mrs. Wagner (for herself, Mr. Garbarino, Mr. Meuser, Mr. Huizenga, and 
  Mr. Emmer) introduced the following bill; which was referred to the 
                    Committee on Financial Services

_______________________________________________________________________

                                 A BILL


 
To require a GAO audit of the information technology infrastructure of 
the Securities and Exchange Commission and the Commission's handling of 
                                 data.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``SEC Cybersecurity Act of 2024''.

SEC. 2. GAO AUDIT OF INFORMATION TECHNOLOGY INFRASTRUCTURE AND HANDLING 
              OF DATA.

    The Comptroller General of the United States shall, not later than 
1 year after the date of the enactment of this Act--
            (1) perform an independent audit of the information 
        technology (IT) infrastructure of the Securities and Exchange 
        Commission and the Commission's handling of data, including--
                    (A) a comparison of the Commission's IT spending to 
                other Federal financial regulators, including--
                            (i) the total amount spent on IT equipment 
                        and services; and
                            (ii) the amount of IT spending in 
                        proportion to each regulator's total spending;
                    (B) examining the quality and effectiveness of the 
                Commission's IT contracting;
                    (C) determining if the Commission's data and 
                cybersecurity systems and procedures are sufficient; 
                and
                    (D) examining any recent Commission IT or data 
                events, such as breaches or hacks, that may have 
                compromised the Commission's IT infrastructure or 
                exposed a vulnerability; and
            (2) provide to the Commission, the Committee on Financial 
        Services of the House of Representatives, and the Committee on 
        Banking, Housing, and Urban Affairs of the Senate a report 
        containing--
                    (A) all findings and determinations made in 
                conducting the audit; and
                    (B) recommendations for steps that can be taken to 
                improve the Commission's IT infrastructure.
                                 <all>