Traffic Light Protocol
If you’re sharing sensitive computer security information, it’s important to know how sensitive a document is and who you can share it with.
US-CERT and many other security organizations use the Traffic Light Protocol (TLP) as shorthand for how sensitive the information in a document is. It’s simple and easy to remember, with just four colour categories: Red, Amber, Green and White. If you’re likely to come into contact with sensitive infosec data, or you just want to understand the severity of current leaks, it’s good to know that it exists.
Sources may use TLP: RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused.
Recipients may not share TLP: RED information with any parties outside of the specific exchange, meeting, or conversation in which it is originally disclosed.
Sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risks to privacy, reputation, or operations if shared outside of the organizations involved.
Recipients may only share TLP: AMBER information with members of their own organization who need to know, and only as widely as necessary to act on that information.
Sources may use TLP: GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector.
Recipients may share TLP: GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels.
Sources may use TLP: WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.
TLP: WHITE information may be distributed without restriction, subject to copyright controls.
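The sharing rules above can be applied as a check before a marked document is forwarded. The sketch below is an added example, not US-CERT's or this page's code: the Share fields and both function names are hypothetical, and refusing unmarked text and taking the most restrictive of several markings are assumptions of the example rather than rules stated on this page.

```python
import re
from dataclasses import dataclass

# The four colours from this page, ordered most to least restrictive.
LEVELS = ["RED", "AMBER", "GREEN", "WHITE"]
MARKING = re.compile(r"\bTLP\s*:\s*(RED|AMBER|GREEN|WHITE)\b", re.IGNORECASE)

@dataclass
class Share:
    """Hypothetical description of one proposed disclosure."""
    in_original_exchange: bool = False  # recipient was in the original meeting or conversation
    same_org: bool = False              # recipient belongs to the holder's own organization
    need_to_know: bool = False          # recipient needs the information to act on it
    sector_peer: bool = False           # peer or partner in the same sector or community
    public_channel: bool = False        # publicly accessible channel (website, open list)

def effective_tlp(text):
    """Return the most restrictive TLP marking found in text, or None."""
    found = {m.upper() for m in MARKING.findall(text)}
    for level in LEVELS:
        if level in found:
            return level  # assumption: conflicting markings resolve to the strictest
    return None

def may_share(text, share):
    """Return (allowed, reason) for sending the marked text as described by share."""
    level = effective_tlp(text)
    if level is None:
        # Assumption: unmarked material is held back until the source labels it.
        return False, "no TLP marking found"
    private = not share.public_channel
    if level == "RED":
        ok = share.in_original_exchange and private
    elif level == "AMBER":
        ok = (share.in_original_exchange
              or (share.same_org and share.need_to_know)) and private
    elif level == "GREEN":
        ok = (share.in_original_exchange or share.same_org
              or share.sector_peer) and private
    else:  # WHITE: no restriction on distribution
        ok = True
    return ok, "TLP: " + level

if __name__ == "__main__":
    # Constructed sample: an AMBER advisory proposed for a sector mailing list.
    print(may_share("Subject: [TLP: AMBER] phishing indicators", Share(sector_peer=True)))
```

Whether a recipient actually needs to know is a human judgement; the flag only records that someone made it.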
There’s more information about it, and a nice PDF handout, at US-CERT.