Surf Wiki
Save to docs
general/classified-information

From Surf Wiki (app.surf) — the open knowledge base

Traffic Light Protocol

System for classifying sensitive information

System for classifying sensitive information

The Traffic Light Protocol (TLP) is a system for classifying sensitive information created in the early 2000s by the UK Government's National Infrastructure Security Co-ordination Centre, in order to encourage greater sharing of sensitive information.

The fundamental concept is for the originator to signal how widely they want their information to be circulated beyond the immediate recipient. It is designed to improve the flow of information between individuals, organizations or communities in a controlled and trusted way. It is important that everyone who handles TLP-labeled communications understands and obeys the rules of the protocol. Only then can trust be established and the benefits of information sharing realized. The TLP is based on the concept of the originator labeling information with one of four colors to indicate what further dissemination, if any, can be undertaken by the recipient. The recipient must consult the originator if wider dissemination is required.

A number of current specifications for TLP exist.

  • From ISO/IEC, as part of the Standard on Information security management for inter-sector and inter-organizational communications.
  • From FIRST, which formed a Special Interest Group to draft a standardized set of definitions for the TLP colors and guidance on their usage. Version 1.0 of the standard was published by FIRST on August 31, 2016, before being replaced by Version 2.0 on August 5, 2022. CISA officially adopted Version 2.0 of the FIRST standard on November 1, 2022.

Summary of TLP's four colours and their meanings

There are four colors (or traffic lights):

  • ** RED - personal for named recipients only** :In the context of a meeting, for example, RED information is limited to those present at the meeting. The distribution of RED information will generally be via a defined list and in extreme circumstances may only be passed verbally or in person.

  • ** AMBER - limited distribution** :The recipient may share AMBER information with others within their organization and their clients, but only on a ‘need-to-know’ basis. The originator may be expected to specify the intended limits of that sharing. :** AMBER+STRICT **, introduced in TLP version 2.0, restricts sharing to the organisation only.

  • ** GREEN - community wide** :Information in this category can be circulated widely within a particular community. However, the information may not be published or posted publicly on the Internet, nor released outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.

  • ** CLEAR - unlimited**, up until FIRST TLP 2.0: ** WHITE - unlimited** :Subject to standard copyright rules, CLEAR/WHITE information may be distributed freely, without restriction.

In practice, one will indicate a document's classification with the acronym "TLP", followed by a colon and classification level, for example: "TLP:RED".

References

References

  1. Don Stikvoort. (March 2015). "Sharing Cyber Security Information". Toegepast Natuurwetenschappelijk Onderzoek}}
    {{cite web    .
  2. (November 2015). "ISO/IEC 27010:2015 [ISO/IEC 27010:2015] {{!}} Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications". [[International Organization for Standardization]]/[[International Electrotechnical Commission]].
  3. (2016-08-31). "FIRST announces Traffic Light Protocol (TLP) version 1.0".
  4. (2022-08-05). "FIRST Releases Traffic Light Protocol Version 2.0 with important updates".
  5. (2022-08-16). "Traffic Light Protocol (TLP) Definitions and Usage". [[Cybersecurity and Infrastructure Security Agency]].
  6. (2022-11-01). "CISA Upgrades to TLP 2.0".
  7. "Traffic Light Protocol". [[Centre for Critical Infrastructure Protection]].
  8. "FIRST Traffic Light Protocol version 2.0".
Info: Wikipedia Source

This article was imported from Wikipedia and is available under the Creative Commons Attribution-ShareAlike 4.0 License. Content has been adapted to SurfDoc format. Original contributors can be found on the article history page.

classified-information information-sensitivity
Want to explore this topic further?

Ask Mako anything about Traffic Light Protocol — get instant answers, deeper analysis, and related topics.

Research with Mako

Free with your Surf account

Content sourced from Wikipedia, available under CC BY-SA 4.0.

This content may have been generated or modified by AI. CloudSurf Software LLC is not responsible for the accuracy, completeness, or reliability of AI-generated content. Always verify important information from primary sources.

Report