HOME

TheInfoList



OR:

The Traffic Light Protocol (TLP) is a system for classifying
sensitive information Information sensitivity is the control of access to information or knowledge that might result in loss of an advantage or level of security if disclosed to others. Loss, misuse, modification, or unauthorized access to sensitive information can ...
created in the early 2000s by the UK Government's National Infrastructure Security Coordination Centre (NISCC; now Centre for Protection of National Infrastructure, CPNI) to encourage greater sharing of sensitive information. The fundamental concept is for the originator to signal how widely they want their
information Information is an abstract concept that refers to that which has the power to inform. At the most fundamental level information pertains to the interpretation of that which may be sensed. Any natural process that is not completely random ...
to be circulated beyond the immediate recipient. It is designed to improve the flow of information between
individual An individual is that which exists as a distinct entity. Individuality (or self-hood) is the state or quality of being an individual; particularly (in the case of humans) of being a person unique from other people and possessing one's own Maslow ...
s,
organization An organization or organisation (Commonwealth English; see spelling differences), is an entity—such as a company, an institution, or an association—comprising one or more people and having a particular purpose. The word is derived from ...
s or
communities A community is a Level of analysis, social unit (a group of living things) with commonality such as place (geography), place, Norm (social), norms, religion, values, Convention (norm), customs, or Identity (social science), identity. Communiti ...
in a controlled and trusted way. It is important that everyone who handles TLP-labeled communications understands and obeys the rules of the protocol. Only then can trust be established and the benefits of information sharing realized. The TLP is based on the concept of the originator labeling information with one of four colors to indicate what further
dissemination To disseminate (from lat. ''disseminare'' "scattering seeds"), in the field of communication, is to broadcast a message to the public without direct feedback from the audience. Meaning Dissemination takes on the theory of the traditional view ...
, if any, can be undertaken by the recipient. The recipient must consult the originator if wider dissemination is required. A number of current specifications for TLP exist. * From ISO/IEC, as part of the Standard on Information security management for inter-sector and inter-organizational communications * From US-CERT, which is intended to provide a publicly available simple definition * From the Forum of Incident Response and Security Teams (
FIRST First or 1st is the ordinal form of the number one (#1). First or 1st may also refer to: *World record, specifically the first instance of a particular achievement Arts and media Music * 1$T, American rapper, singer-songwriter, DJ, and rec ...
), which published version 1.0 of its consolidated TLP document on August 31, 2016. arising from a Special Interest Group it created to ensure that interpretations of TLP are consistent, and clear expectations exist across user communities. FIRST deprecated version 1.0 in August 2022 (though may still be used until 31 December 2022), on the release of version 2.0.


Summary of TLP's four colours and their meanings

There are four colors (or traffic lights): * RED - personal for named recipients only :In the context of a meeting, for example, RED information is limited to those present at the meeting. The distribution of RED information will generally be via a defined list and in extreme circumstances may only be passed verbally or in person. *AMBER - limited distribution :The recipient may share AMBER information with others within their organization and their clients, but only on a ‘
need-to-know The term "need to know", when used by government and other organizations (particularly those related to the military or espionage), describes the restriction of data which is considered very sensitive. Under need-to-know restrictions, even if one ...
’ basis. The originator may be expected to specify the intended limits of that sharing. :AMBER+STRICT, introduced in TLP version 2.0, restricts sharing to the organisation only. *GREEN - community wide :Information in this category can be circulated widely within a particular community. However, the information may not be published or posted publicly on the Internet, nor released outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community. * CLEAR  - unlimited formerly:  WHITE  - unlimited :Subject to standard copyright rules, CLEAR/WHITE information may be distributed freely, without restriction. In practice, one will indicate a document's classification with the acronym "TLP", followed by a colon and classification level, for example: "TLP:RED".


See also

*
Indicator of compromise Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion. Types of indication Typical IoCs are virus signatures and IP addresses ...


References

{{Reflist


External links


Forum of Incident Response and Security TeamsU.S. Department of Homeland Security
Classified information Information sensitivity