Markets & Operations

PJM Security

PJM takes steps to safeguard the integrity and confidentiality of PJM's systems as well as certain proprietary and confidential data and derivations from such data. PJM employs a variety of security techniques, including but not limited to strong authentication including multi-factor authentication, role-based access controls, and strong encryption for connections to PJM's systems. These controls promote secure and authorized access to PJM's systems and data.

Frequently Asked Questions
Certificate Replacement FAQ PDF
Password Reset Best Practices PDF
PKI Certificates & Two-Step Verification Browserless/API PDF
Two-Step Verification PDF

Training
Authentication and Single Sign On Enhancements for PJM Tools
Browserless'/API 2 Factor Authentication
FIPS 140-3 Transition Guide PDF
Instructions to download the Root and IA (Intermediate Cert) PDF
Public Key Infrastructure (PKI) Demonstration
PKI Certificate Authentication: Java Code Sample PDF.net Code Sample PDF
PKI Export Public Keys PDF | PKI Authentication Guide PDF

Weak Encryption Remediation Guide PDF

PJM policy and the associated rules that define how a password must be composed define strong passwords. The rules that are in effect through Account Manager are:

Usernames

  • Must be at least 6 characters
  • Must be unique across all users and companies
  • The first character of a username cannot be a special character

Passwords

  • Must contain at least one upper case and one lower case letter
  • Must contain a numeral
  • Must contain one special character -- valid special characters include: ()!$`~:.,<>=?^_{}[]|
  • Password length of at least 10 characters and not more than 16 characters
  • Username cannot be part of your password
  • Cannot use the same password for 15 generations
  • The first character of password cannot be a special character
  • PJM members are encouraged to follow good password practices to protect their data at PJM from inappropriate access at their locations.
  • Your first name or last name cannot be part of your password.
  • User accounts are required to change passwords every 128 days.

Reasonable password practices suggested for use by PJM members include:

  • Change your password to each tool at a regular frequency, such as 60 days.
  • Never write passwords down.
  • Do not share passwords with other users.
  • Remove usernames and passwords from PJM tools if a person at the company changes their job function or leaves the company.
  • Do not use a common username and password for many people to access a PJM tool unless absolutely required for business purposes.

Single Sign-On Timeout per Tool

  • 60-minute timeout
    • Account Manager
    • Bulletin Board
    • Messages
  • 8-hour timeout
    • Billing Line Item Transfer
    • DR Hub
    • Dart/eDART
    • Emergency Procedures
    • ExSchedule
    • InSchedule
    • Markets Gateway
    • FTR Center
    • Planning Center
    • Power Meter
    • Member Community
    • TO Connection
    • Voting
  • 24-hour timeout – Data Viewer