Market switchover to be performed; data will be delayed

Markets & Operations

PJM Security

PJM has the responsibility to ensure the integrity and confidentiality of the systems and data (provided by members or derived by PJM) at PJM. In pursuing this responsibility, PJM employs a variety of security techniques, including the use of strong passwords to authorize user requests for access to data and systems.

Frequently Asked Questions about Tools Security EnhancementsPDF

PJM Policy and the associated rules that define how a password must be composed define strong passwords. The rules that are in effect through Account Manager are:

Usernames

  • Must be at least 6 characters
  • Must be unique across all users and companies
  • The first character of a username cannot be a special character

Passwords

  • Must contain at least one upper case and one lower case letter
  • Must contain a numeral
  • Must contain one special character -- valid special characters include: ()!$`~:.,<>=?^_{}[]|
  • Password length of at least 10 characters and not more than 16 characters
  • Username cannot be part of your password
  • Cannot use the same password for 15 generations
  • The first character of password cannot be a special character
  • PJM members are encouraged to follow good password practices to protect their data at PJM from inappropriate access at their locations.
  • Your first name or last name cannot be part of your password
  • User accounts are required to change passwords every 128 days

Reasonable password practices suggested for use by PJM members include:

  • Change your password to each tool at a regular frequency, such as 60 days
  • Never write passwords down
  • Do not share passwords with other users
  • Remove user IDs and passwords from PJM applications if a person at the company changes their job function or leaves the company
  • Do not use a common user id and password for many people to access a PJM tool unless absolutely required for business purposes

Authenticated Single Sign-On Sessions

  • Will be de-activated after 30 minutes of inactivity
  • Will be de-activated after 8 hours regardless of length of activity

Timeout per Application

  • 60 minute timeout – Account Manager, Bulletin Board, Data Miner, Messages
  • 8 hour timeout – Billing Line Item Transfer, Emergency Procedures, ExSchedule, InSchedule, Markets Gateway, FTR Center, Planning Center, Post Contingency Local Load Relief Warnings, Power Meter, Member Community, Voting, DR Hub
  • 24 hour timeout – Data Viewer