[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[S. 2533 Introduced in Senate (IS)]

<DOC>






119th CONGRESS
  1st Session
                                S. 2533

 To require performance and security audits of certain agency computer 
                    systems, and for other purposes.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                             July 30, 2025

Mr. Whitehouse (for himself, Mr. Wyden, and Ms. Warren) introduced the 
 following bill; which was read twice and referred to the Committee on 
               Homeland Security and Governmental Affairs

_______________________________________________________________________

                                 A BILL


 
 To require performance and security audits of certain agency computer 
                    systems, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Pick Up After Your DOGE Act''.

SEC. 2. DEFINITION.

    In this Act, the term ``appropriate congressional committee'' means 
any committee with jurisdiction over an agency that is the subject of 
an audit under this Act.

SEC. 3. UNITED STATES DOGE SERVICE ACCESS TO DATA.

    Not later than 30 days after the date of enactment of this Act, the 
Administrator of the United States DOGE Service shall submit to the 
appropriate congressional committees and the Comptroller General of the 
United States a full accounting of all Federal agencies where agency 
DOGE teams, as defined in Executive Order 14158 (90 Fed. Reg. 8441; 
relating to establishing and implementing the President's Department of 
Government Efficiency), or individuals acting on behalf of, or at the 
instruction of, the United States DOGE Service or agency DOGE teams, 
accessed Federal agency computer systems, networks, data, or 
information.

SEC. 4. COMPTROLLER GENERAL STUDIES.

    (a) In General.--Not later than 60 days after the date of enactment 
of this Act, the Comptroller General of the United States shall 
commence a comprehensive audit of Federal agency computer systems and 
networks accessed by the United States DOGE Service, the U.S. DOGE 
Service Temporary Organization, or any employees or volunteers 
affiliated with those agencies, or, if applicable, associated agency 
DOGE teams, to identify security vulnerabilities or bugs in software 
installed, created, or modified by the United States DOGE Service, the 
U.S. DOGE Service Temporary Organization, or any employees or 
volunteers affiliated with those agencies, or, if applicable, 
associated agency DOGE teams.
    (b) Priority Review.--In conducting the audits described in 
subsection (a), the Comptroller General shall give priority to reviews 
of the systems, networks, and databases of the Social Security 
Administration, the Department of Health and Human Services and the 
Centers for Medicare & Medicaid Services, and the Department of the 
Treasury and the Internal Revenue Service.
    (c) Initial Audit Results.--Not later than 1 year after the date of 
enactment of this Act, the Comptroller General shall submit to the 
appropriate congressional committees and agency heads a report or 
reports describing the results of the comprehensive systems audits 
performed under subsection (a) for the Social Security Administration, 
the Department of Health and Human Services and the Centers for 
Medicare & Medicaid Services, and the Department of the Treasury and 
the Internal Revenue Service, including recommendations for legislation 
and administrative action as the Comptroller General determines 
appropriate.
    (d) Final Audit Results.--Not later than 2 years after the date of 
enactment of this Act, the Comptroller General shall submit to the 
appropriate congressional committees and agency heads a report or 
reports describing the results of the comprehensive systems audits 
performed under subsection (a) for other Federal agencies selected for 
review by the Comptroller General, in consultation with the appropriate 
congressional committees, including recommendations for legislation and 
administrative actions as the Comptroller General determines 
appropriate.
    (e) Agency Action.--Not later than 90 days after receipt of an 
audit report by an agency head under subsections (c) or (d), the agency 
head shall--
            (1) fix any vulnerabilities or bugs identified in the 
        report; and
            (2) submit to the appropriate committee of jurisdiction a 
        report on the status of those vulnerabilities or bugs.
                                 <all>