The Traffic Light Protocol (TLP) was created to facilitate and encourage greater sharing of information. TLP is a set of labels used to classify sharing of sensitive (but unclassified) information and improve the flow of information between organizations, communities or individuals in a controlled and trusted way.
Information sharing is essential for mitigating the spread of cyber (digital or electronic) threats and attacks through the use of security best practices and building trust between players in the security domain.
TLP utilises four colours to indicate different degrees of sensitivity and the equivalent distribution concerns to be applied by the recipient (s).
|RED||Red signifies information exclusively and specifically targeted to a group of or individuals, and could impact on privacy, reputation or operations if misused. Sharing outside the group is not authentic.|
|AMBER||Amber signifies information used to a certain (limited) extend however, poses a risk to daily operations, privacy and reputation if shared outside the organization.|
|GREEN||Green signifies information usefulness for all organization involved, as well as with community or that particular segment.|
|WHITE||White signifies information severity or indicating that the information presented, poses no risk of misuse within the rules and procedures for public dissemination.|
How to use and apply TLP
The author and source of the information required to adopt and utilize TLP should label the information with the correct classification TLP colour to clearly indicate how widely that information may be disseminated. This is done by including the TLP colour indicator either in coloured text or in a traffic light symbol. In addition, the application includes the TLP: [Colour] in unambiguous text in the header and footer of the document. If a receiver of the information needs to share the information to a wider audience than the intended and indicated TLP designation, they must attribute and acknowledge the original source.