Security for Digital Certificates

ERCOT market participants may be eligible to receive digital certificate technology and software that grant access to restricted ERCOT websites.

A market participant may be issued a digital certificate – an electronic file installed on a computer – to be allowed access to ERCOT’s restricted computer systems. The digital certificate authenticates that an individual is authorized for secure electronic messaging. A digital certificate may be used by only one person, and it may not be shared.

The market participant designates a user security administrator (USA) to manage access to ERCOT’s computer systems through digital certificates. The USA is responsible for registering digital certificate holders and administering the use of the digital certificates. The USA must confirm that potential digital certificate holders have been qualified through a screening process that includes a background review.

The market participant must establish a process to conduct a reasonable review of each potential digital certificate holder, including confirming that the person is not on any US terrorist watch list.

If a digital certificate holder is terminated or changes to a new job function that does not require access to restricted ERCOT websites, the market participant must notify ERCOT within three days. ERCOT will revoke the digital certificate.

If the digital certificate holder violates any of the conditions of use, including using the certificate for an unauthorized purpose or allowing another person to use the certificate, the market participant must notify ERCOT as soon as possible but no later than five days. ERCOT will revoke the digital certificate.

For more information, please refer to PRR606.

Export Control Compliance and Anti-Terrorist Measures

North American Electric Reliability Corporation (NERC) guidelines recommend checking the following websites for lists of people who are under security watch.