Traffic Light Protocol
6 months ago
- #Data Sharing
- #Information Security
- #Cybersecurity
- TLP version 2.0 is the current standard by FIRST, authoritative from August 2022.
- TLP facilitates sensitive information sharing with defined boundaries using four labels: TLP:RED, TLP:AMBER, TLP:GREEN, TLP:CLEAR.
- Labels must remain in original form, even in translations, and should be in capitals without spaces.
- TLP is not a formal classification scheme but a simple schema for sharing sensitive information.
- TLP is optimized for ease of adoption, human readability, and can be used in automated systems like MISP or IEP.
- TLP is distinct from the Chatham House Rule but can be used together when appropriate.
- The source is responsible for ensuring recipients understand and follow TLP sharing guidance.
- Additional sharing restrictions can be specified by the source and must be adhered to by recipients.
- Recipients must obtain explicit permission to share information more widely than the TLP label allows.
- TLP usage in messaging, documents, and automated exchanges must follow specific formatting and labeling guidelines.
- Color-coding for TLP labels is provided in RGB, CMYK, and Hex to ensure readability for those with low vision.
- Definitions of community, organization, and clients under TLP are provided to clarify sharing boundaries.
- Detailed descriptions of each TLP label's sharing boundaries and use cases are outlined.