
User Guide and Definitions

The protection and disclosure of sensitive information must follow information security principles that can be used in a responsible and intuitive manner. In this sense, the NCSC respects the Traffic Light Protocol (TLP), namely the FIRST Standards Definitions and Usage Guidance — Version 2.0 as a guiding standard for information classification within the scope of its CSIRT mission.

The TLP provides an easy scheme to indicate when (Protection) and how (Dissemination) information can be shared with the national and international cyber security community. This protocol adopts a colour scheme (traffic light) to indicate the different levels of sensitivity and expected actions that must be respected when handling information.  

The TLP defines an information classification framework essential for trust among peers, based on the commitment to respect its rules by all stakeholders. 

Therefore, it is fundamental in the way the cybersecurity community communicates, shares, and acts to protect networks and information systems.  

The source is responsible for ensuring that recipients of TLP information understand the TLP sharing rules so that they can follow them.  

If a recipient needs to share information beyond what the original TLP classification allows, explicit permission must be obtained from the original source.  

| Classification of Information | Protection of Information (When to use?) | Dissemination of Information (How to share?) | Remarks |
| --- | --- | --- | --- |
| TLP:RED | When the information is very sensitive, and third parties cannot act effectively on the information. Any misuse of the information may impact a party's privacy, reputation, or operations. | Recipients cannot share the information with anyone other than the recipients specified in the context of the sharing (conversation, meeting, etc.). Preferably, information should be shared verbally or in person. | These limits must be respected. Failure to respect this classification results in a breach of trust between the parties, in addition to severe damage to third parties. |
| TLP:AMBER+STRICT | When support is needed to act effectively on information, but there are still risks to privacy, reputation, or operations if it is disclosed outside the organisations involved. | Recipients may only share information with members of their own organisations to protect themselves or prevent future harm. Therefore, the need-to-know principle always applies. | These limits must be respected. Failure to respect this classification results in a breach of trust between the parties, in addition to severe damage to third parties. |
| TLP:AMBER | When support is needed to act effectively on information, but there are still risks to privacy, reputation, or operations if it is disclosed outside the organisations involved. | Only sources can specify additional limits on sharing (they should be contacted for this). Recipients may only share information with members of their own organisations or with their clients to protect themselves or prevent future harm. Therefore, the need-to-know principle applies at all times. | These limits must be respected. Failure to respect this classification results in a breach of trust between the parties, in addition to severe damage to third parties. |
| TLP:GREEN | When sharing information is useful for raising the awareness of all entities and contact points within the community or sector. | Recipients can only share information within their own community. Recipients can share the information with members of their own organisation, partners, community, and sector contact points, but never through public channels or to the public. | These limits must be respected. Failure to respect this classification results in a breach of trust between the parties, in addition to severe damage to third parties. |
| TLP:CLEAR | When sharing information entails little or no risk, according to the rules and procedures applied in the disclosure of public information. | The sharing of information has no restriction, although subject to copyright. | --- |

To view the document (only available in Portuguese)

The original version can be seen at: https://www.first.org/tlp/
Last updated on 02-11-2022