CINXE.COM

Traffic Light Protocol (TLP)

<!doctype html><html lang="en" class="web tlp-clear" data-studio-config="eyJ4aHJDcmVkZW50aWFscyI6ZmFsc2UsInhockhlYWRlcnMiOnt9fQo="><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8" /><title>Traffic Light Protocol (TLP)</title> <meta property="og:title" content="Traffic Light Protocol (TLP)" /> <meta property="og:type" content="website" /> <meta property="og:image" content="https://www.first.org/_/img/first-big-icon.png" /> <meta property="og:url" content="https://www.first.org/tlp/" /> <meta property="og:site_name" content="FIRST — Forum of Incident Response and Security Teams" /> <meta property="fb:profile_id" content="296983660669109" /> <meta property="twitter:card" content="summary" /> <meta property="twitter:site" content="@FIRSTdotOrg" /><meta name="viewport" content="initial-scale=1,maximum-scale=1.0,user-scalable=no" /><link rel="icon" type="image/png" href="/1st.png" /><link rel="apple-touch-icon" sizes="128x128" href="/favicon.png" /><link rel="stylesheet" type="text/css" href="/_/web.css?20241031194005" /></head><body><header><div id="header" data-studio="CU52CV1W8g"><div id="c3" data-studio="Yu8FjCC11g"><div id="topbar"> <div class="sites right"> <ul> <li><a href="https://support.first.org" class="kb-datalist"><img src="/_/img/icon-portal_support.svg" alt="FIRST Support" title="FIRST Support" /></a></li> <li><a href="https://portal.first.org" class="button"><span class="no-tiny">Member </span>Portal</a></li> </ul> </div> <div class="first-logo"> <p><a href="/"><img src="/_/img/first-org-simple-negative.svg" alt="FIRST.Org" title="FIRST" /></a></p> </div> <div class="nav"> <ul class="navbar"><li><a href="/about">About FIRST</a><ul><li><a href="/about/mission">Mission Statement</a></li><li><a href="/about/history">History</a></li><li><a href="/about/sdg">Sustainable Development Goals</a></li><li><a href="/about/organization">Organization</a><ul><li><a href="/about/organization/directors">Board of Directors</a></li><li><a>Operations Team</a><ul><li><a href="/about/organization/ccb">Community &amp; Capacity Building</a></li><li><a href="/about/organization/events">Event Office</a></li><li><a href="/about/organization/executive-director">Executive Director</a></li><li><a href="/about/organization/infrastructure">Infrastructure</a></li><li><a href="/about/organization/secretariat">Secretariat</a></li></ul></li><li><a href="/about/organization/committees">Committees</a><ul><li><a href="/about/organization/committees/compensation-committee">Compensation Committee</a></li><li><a href="/about/organization/committees/conference-program-committee">Conference Program Committee</a></li><li><a href="/about/organization/committees/membership-committee">Membership Committee</a></li><li><a href="/about/organization/committees/rules-committee">Rules Committee</a></li><li><a href="/about/organization/committees/standards">Standards Committee</a></li></ul></li><li><a href="/events/agm">Annual General Meeting</a></li><li><a href="/about/organization/reports">Annual Reports and Tax Filings</a></li></ul></li><li><a href="/about/policies">FIRST Policies</a><ul><li><a href="/about/policies/anti-corruption">Anti-Corruption Policy</a></li><li><a href="/about/policies/antitrust">Antitrust Policy</a></li><li><a href="/about/policies/bylaws">Bylaws</a></li><li><a href="/about/policies/board-duties">Board duties</a></li><li><a href="/about/bugs">Bug Bounty Program</a></li><li><a href="/about/policies/code-of-conduct">Code of Conduct</a></li><li><a href="/about/policies/conflict-policy">Conflict of Interest Policy</a></li><li><a href="/about/policies/doc-rec-retention-policy">Document Record Retention and Destruction Policy</a></li><li><a href="/newsroom/policy">FIRST Press Policy</a></li><li><a href="/about/policies/gen-event-reg-refund-policy">General Event Registration Refund Policy</a></li><li><a href="/about/policies/event-site-selection">Guidelines for Site Selection for all FIRST events</a></li><li><a href="/identity">Identity &amp; Logo Usage</a></li><li><a href="/about/policies/mailing-list">Mailing List Policy</a></li><li><a href="/about/policies/media">Media Policy</a></li><li><a href="/about/policies/privacy">Privacy Policy</a></li><li><a href="/about/policies/registration-terms-conditions">Registration Terms &amp; Conditions</a></li><li><a href="/about/policies/terms">Services Terms of Use</a></li><li><a href="/about/policies/standards">Standards Policy</a></li><li><a href="/about/policies/diversity">Statement on Diversity &amp; Inclusion</a></li><li><a href="/about/policies/translation-policy">Translation Policy</a></li><li><a href="/about/policies/travel-policy">Travel Policy</a></li><li><a href="/about/policies/uniform-ipr">Uniform IPR Policy</a></li><li><a href="/about/policies/whistleblower-policy">Whistleblower Protection Policy</a></li></ul></li><li><a href="/about/partners">Partnerships</a><ul><li><a href="/global/partners">Partners</a></li><li><a href="/global/friends">Friends of FIRST</a></li><li><a href="/global/supporters/">FIRST Supporters</a></li><li><a href="/about/sponsors">Sponsors</a></li></ul></li><li><a href="/newsroom">Newsroom</a><ul><li><a href="/newsroom/news">What&#039;s New</a></li><li><a href="/newsroom/releases">Press Releases</a></li><li><a href="/newsroom/news/media">In the News</a></li><li><a href="/podcasts">Podcasts</a><ul><li><a href="/newsroom/news/first-impressions/">FIRST Impressions Podcast</a></li><li><a href="/newsroom/news/podcasts/">FIRSTCON Podcast</a></li></ul></li><li><a href="/newsroom/newsletters">Newsletters</a></li><li><a href="/newsroom/policy">FIRST Press Policy</a></li></ul></li><li><a href="/about/procurement">Procurement</a></li><li><a href="/about/jobs/">Jobs</a></li><li><a href="/contact">Contact</a></li></ul></li><li><a href="/members">Membership</a><ul><li><a href="/membership/">Becoming a Member</a><ul><li><a href="/membership/process">Membership Process for Teams</a></li><li><a href="/membership/process-liaisons">Membership Process for Liaisons</a></li><li><a href="/membership/#Fees">Membership Fees</a></li></ul></li><li><a href="/members/teams">FIRST Teams</a></li><li><a href="/members/liaisons">FIRST Liaisons</a></li><li><a href="/members/map">Members around the world</a></li></ul></li><li><a href="/global">Initiatives</a><ul><li><a href="/global/sigs">Special Interest Groups (SIGs)</a><ul><li><a href="/global/sigs/framework">SIGs Framework</a></li><li><a href="/global/sigs/academicsec" class="borderb">Academic Security SIG</a></li><li><a href="/global/sigs/ai-security">AI Security SIG</a></li><li><a href="/global/sigs/automation">Automation SIG</a></li><li><a href="/global/sigs/bigdata">Big Data SIG</a></li><li><a href="/cvss">Common Vulnerability Scoring System (CVSS-SIG)</a><ul><li><a href="/cvss/calculator/4.0">Calculator</a></li><li><a href="/cvss/v4.0/specification-document">Specification Document</a></li><li><a href="/cvss/v4.0/user-guide">User Guide</a></li><li><a href="/cvss/v4.0/examples">Examples</a></li><li><a href="/cvss/v4.0/faq">Frequently Asked Questions</a></li><li><a href="/cvss/v4-0">CVSS v4.0 Documentation &amp; Resources</a><ul><li><a href="/cvss/calculator/4.0">CVSS v4.0 Calculator</a></li><li><a href="/cvss/v4.0/specification-document">CVSS v4.0 Specification Document</a></li><li><a href="/cvss/v4.0/user-guide">CVSS v4.0 User Guide</a></li><li><a href="/cvss/v4.0/examples">CVSS v4.0 Examples</a></li><li><a href="/cvss/v4.0/faq">CVSS v4.0 FAQ</a></li></ul></li><li><a href="/cvss/v3-1">CVSS v3.1 Archive</a><ul><li><a href="/cvss/calculator/3.1">CVSS v3.1 Calculator</a></li><li><a href="/cvss/v3.1/specification-document">CVSS v3.1 Specification Document</a></li><li><a href="/cvss/v3.1/user-guide">CVSS v3.1 User Guide</a></li><li><a href="/cvss/v3.1/examples">CVSS v3.1 Examples</a></li><li><a href="/cvss/v3.1/use-design">CVSS v3.1 Calculator Use &amp; Design</a></li></ul></li><li><a href="/cvss/v3-0">CVSS v3.0 Archive</a><ul><li><a href="/cvss/calculator/3.0">CVSS v3.0 Calculator</a></li><li><a href="/cvss/v3.0/specification-document">CVSS v3.0 Specification Document</a></li><li><a href="/cvss/v3.0/user-guide">CVSS v3.0 User Guide</a></li><li><a href="/cvss/v3.0/examples">CVSS v3.0 Examples</a></li><li><a href="/cvss/v3.0/use-design">CVSS v3.0 Calculator Use &amp; Design</a></li></ul></li><li><a href="/cvss/v2">CVSS v2 Archive</a><ul><li><a href="/cvss/v2/guide">CVSS v2 Complete Documentation</a></li><li><a href="/cvss/v2/history">CVSS v2 History</a></li><li><a href="/cvss/v2/team">CVSS-SIG team</a></li><li><a href="/cvss/v2/meetings">SIG Meetings</a></li><li><a href="/cvss/v2/faq">Frequently Asked Questions</a></li><li><a href="/cvss/v2/adopters">CVSS Adopters</a></li><li><a href="/cvss/v2/links">CVSS Links</a></li></ul></li><li><a href="/cvss/v1">CVSS v1 Archive</a><ul><li><a href="/cvss/v1/intro">Introduction to CVSS</a></li><li><a href="/cvss/v1/faq">Frequently Asked Questions</a></li><li><a href="/cvss/v1/guide">Complete CVSS v1 Guide</a></li></ul></li><li><a href="/cvss/data-representations">JSON &amp; XML Data Representations</a></li><li><a href="/cvss/training">CVSS On-Line Training Course</a></li><li><a href="/cvss/identity">Identity &amp; logo usage</a></li></ul></li><li><a href="/global/sigs/csirt">CSIRT Framework Development SIG</a></li><li><a href="/global/sigs/cyberinsurance">Cyber Insurance SIG</a><ul><li><a href="/global/sigs/cyberinsurance/events">Cyber Insurance SIG Webinars</a></li></ul></li><li><a href="/global/sigs/cti">Cyber Threat Intelligence SIG</a><ul><li><a href="/global/sigs/cti/curriculum/">Curriculum</a><ul><li><a href="/global/sigs/cti/curriculum/introduction">Introduction</a></li><li><a href="/global/sigs/cti/curriculum/cti-introduction">Introduction to CTI as a General topic</a></li><li><a href="/global/sigs/cti/curriculum/methods-methodology">Methods and Methodology</a></li><li><a href="/global/sigs/cti/curriculum/pir">Priority Intelligence Requirement (PIR)</a></li><li><a href="/global/sigs/cti/curriculum/source-evaluation">Source Evaluation and Information Reliability</a></li><li><a href="/global/sigs/cti/curriculum/machine-human">Machine and Human Analysis Techniques (and Intelligence Cycle)</a></li><li><a href="/global/sigs/cti/curriculum/threat-modelling">Threat Modelling</a></li><li><a href="/global/sigs/cti/curriculum/training">Training</a></li><li><a href="/global/sigs/cti/curriculum/standards">Standards</a></li><li><a href="/global/sigs/cti/curriculum/glossary">Glossary</a></li><li><a href="/global/sigs/cti/curriculum/cti-reporting/">Communicating Uncertainties in CTI Reporting</a></li></ul></li><li><a href="/global/sigs/cti/events/">Webinars and Online Training</a></li><li><a href="/global/sigs/cti/cti-program">Building a CTI program and team</a><ul><li><a href="/global/sigs/cti/cti-program/program-stages">Program maturity stages</a><ul><li><a href="/global/sigs/cti/cti-program/stage1">CTI Maturity model - Stage 1</a></li><li><a href="/global/sigs/cti/cti-program/stage2">CTI Maturity model - Stage 2</a></li><li><a href="/global/sigs/cti/cti-program/stage3">CTI Maturity model - Stage 3</a></li></ul></li><li><a href="/global/sigs/cti/cti-program/starter-kit">Program Starter Kit</a></li><li><a href="/global/sigs/cti/cti-program/resources">Resources and supporting materials</a></li></ul></li></ul></li><li><a href="/global/sigs/digital-safety">Digital Safety SIG</a></li><li><a href="/global/sigs/dns">DNS Abuse SIG</a><ul><li><a href="/global/sigs/dns/policies">Code of Conduct &amp; Other Policies</a></li><li><a href="/global/sigs/dns/dns-abuse-examples">Examples of DNS Abuse</a></li></ul></li><li><a href="/global/sigs/ethics">Ethics SIG</a><ul><li><a href="/global/sigs/ethics/ethics-first">Ethics for Incident Response Teams</a></li></ul></li><li><a href="/epss/">Exploit Prediction Scoring System (EPSS)</a><ul><li><a href="/epss/model">The EPSS Model</a></li><li><a href="/epss/data_stats">Data and Statistics</a></li><li><a href="/epss/user-guide">User Guide</a></li><li><a href="/epss/research">EPSS Research and Presentations</a></li><li><a href="/epss/faq">Frequently Asked Questions</a></li><li><a href="/epss/who_is_using">Who is using EPSS?</a></li><li><a href="/epss/epss_tools">Open-source EPSS Tools</a></li><li><a href="/epss/api">API</a></li><li><a href="/epss/papers">Related Exploit Research</a></li><li><a>Blog</a><ul><li><a href="/epss/articles/prob_percentile_bins">Understanding EPSS Probabilities and Percentiles</a></li><li><a href="/epss/articles/log4shell">Log4Shell Use Case</a></li><li><a href="/epss/articles/estimating_old_cvss">Estimating CVSS v3 Scores for 100,000 Older Vulnerabilities</a></li></ul></li><li><a href="/epss/partners">Data Partners</a></li></ul></li><li><a href="/global/sigs/msr/">FIRST Multi-Stakeholder Ransomware SIG</a></li><li><a href="/global/sigs/hfs/">Human Factors in Security SIG</a></li><li><a href="/global/sigs/ics">Industrial Control Systems SIG (ICS-SIG)</a></li><li><a href="/global/sigs/iep">Information Exchange Policy SIG (IEP-SIG)</a></li><li><a href="/global/sigs/information-sharing">Information Sharing SIG</a><ul><li><a href="/global/sigs/information-sharing/misp">Malware Information Sharing Platform</a></li></ul></li><li><a href="/global/sigs/le">Law Enforcement SIG</a></li><li><a href="/global/sigs/malware">Malware Analysis SIG</a><ul><li><a href="/global/sigs/malware/ma-framework">Malware Analysis Framework</a></li><li><a href="/global/sigs/malware/ma-framework/malwaretools">Malware Analysis Tools</a></li></ul></li><li><a href="/global/sigs/metrics">Metrics SIG</a><ul><li><a href="/global/sigs/metrics/events">Metrics SIG Webinars</a></li></ul></li><li><a href="/global/sigs/netsec/">NETSEC SIG</a></li><li><a href="/global/sigs/passive-dns">Passive DNS Exchange</a></li><li><a href="/global/sigs/policy">Policy SIG</a></li><li><a href="/global/sigs/psirt">PSIRT SIG</a></li><li><a href="/global/sigs/red-team">Red Team SIG</a></li><li><a href="/global/sigs/cpg">Retail and Consumer Packaged Goods (CPG) SIG</a></li><li><a href="/global/sigs/ctf">Security Lounge SIG</a></li><li><a href="/global/sigs/tic/">Threat Intel Coalition SIG</a><ul><li><a href="/global/sigs/tic/membership-rules">Membership Requirements and Veto Rules</a></li></ul></li><li><a href="/global/sigs/tlp">Traffic Light Protocol (TLP-SIG)</a></li><li><a href="/global/sigs/transport">Transportation and Mobility SIG</a></li><li><a href="/global/sigs/vulnerability-coordination">Vulnerability Coordination</a><ul><li><a href="/global/sigs/vulnerability-coordination/multiparty">Multi-Party Vulnerability Coordination and Disclosure</a></li><li><a href="/global/sigs/vulnerability-coordination/multiparty/guidelines">Guidelines and Practices for Multi-Party Vulnerability Coordination and Disclosure</a></li></ul></li><li><a href="/global/sigs/vrdx">Vulnerability Reporting and Data eXchange SIG (VRDX-SIG)</a><ul><li><a href="/global/sigs/vrdx/vdb-catalog">Vulnerability Database Catalog</a></li></ul></li><li><a href="/global/sigs/wof">Women of FIRST</a></li></ul></li><li><a href="/global/governance">Internet Governance</a></li><li><a href="/global/irt-database">IR Database</a></li><li><a href="/global/fellowship">Fellowship Program</a><ul><li><a href="https://portal.first.org/fellowship">Application Form</a></li></ul></li><li><a href="/global/mentorship">Mentorship Program</a></li><li><a href="/hof">IR Hall of Fame</a><ul><li><a href="/hof/inductees">Hall of Fame Inductees</a></li></ul></li><li><a href="/global/victim-notification">Victim Notification</a></li><li><a href="/volunteers/">Volunteers at FIRST</a><ul><li><a href="/volunteers/list">FIRST Volunteers</a></li><li><a href="/volunteers/participation">Volunteer Contribution Record</a></li></ul></li><li><a href="#new">Previous Activities</a><ul><li><a href="/global/practices">Best Practices Contest</a></li></ul></li></ul></li><li><a href="/standards">Standards &amp; Publications</a><ul><li><a href="/standards">Standards</a><ul><li><a href="/cvss">Common Vulnerability Scoring System (CVSS-SIG)</a></li><li><a href="/tlp">Traffic Light Protocol (TLP)</a><ul><li><a href="/tlp/use-cases">TLP Use Cases</a></li></ul></li><li><a href="/standards/frameworks/">Service Frameworks</a><ul><li><a href="/standards/frameworks/csirts">CSIRT Services Framework</a></li><li><a href="/standards/frameworks/psirts">PSIRT Services Framework</a></li></ul></li><li><a href="/iep">Information Exchange Policy (IEP)</a><ul><li><a href="/iep/iep_framework_2_0">IEP 2.0 Framework</a></li><li><a href="/iep/iep-json-2_0">IEP 2.0 JSON Specification</a></li><li><a href="/iep/iep-polices">Standard IEP Policies</a><ul><li><a href="https://www.first.org/iep/2.0/first-tlp-iep.iepj">IEP TLP Policy File</a></li><li><a href="https://www.first.org/iep/2.0/first-unknown-iep.iepj">IEP Unknown Policy File</a></li></ul></li><li><a href="/iep/iep_v1_0">IEP 1.0 Archive</a></li></ul></li><li><a href="/global/sigs/passive-dns">Passive DNS Exchange</a></li><li><a href="/epss">Exploit Prediction Scoring System (EPSS)</a></li></ul></li><li><a href="/resources/papers">Publications</a></li></ul></li><li><a href="/events">Events</a></li><li><a href="/education">Education</a><ul><li><a href="/education/first-training">FIRST Training</a><ul><li><a href="/education/trainings">Training Courses</a></li><li><a href="/education/trainers">FIRST Trainers</a></li></ul></li></ul></li><li><a href="/blog">Blog</a></li></ul> </div> </div> <div id="home-buttons"> <p><a href="/join" data-title="Join"><img alt="Join" src="/_/img/icon-join.svg"><span class="tt-join">Join<span>Details about FIRST membership and joining as a full member or liaison.</span></span></a> <a href="/learn" data-title="Learn"><img alt="Learn" src="/_/img/icon-learn.svg"><span class="tt-learn">Learn<span>Training and workshop opportunities, and details about the FIRST learning platform.</span></span></a> <a href="/participate" data-title="Participate"><img alt="Participate" src="/_/img/icon-participate.svg"><span class="tt-participate">Participate<span>Read about upcoming events, SIGs, and know what is going on.</span></span></a></p> </div></div></div></header><div id="body" data-studio="CU52CV1W8g"><div id="c1" data-studio="Yu8FjCC11g" class="ol-letters"><h1 id="TRAFFIC-LIGHT-PROTOCOL-TLP">TRAFFIC LIGHT PROTOCOL (TLP)</h1> <h2 id="FIRST-Standards-Definitions-and-Usage-Guidance-Version-2-0">FIRST Standards Definitions and Usage Guidance — Version 2.0</h2> <p><strong>TLP version 2.0 is the current version of TLP standardized by FIRST. It is authoritative from August 2022 onwards</strong></p> <h3 id="Introduction">1. Introduction</h3> <p>a. The Traffic Light Protocol (TLP) was created to facilitate greater sharing of potentially sensitive information and more effective collaboration. Information sharing happens from an information <em>source</em>, towards one or more <em>recipients</em>. TLP is a set of four labels used to indicate the sharing boundaries to be applied by the recipients. Only labels listed in this standard are considered valid by FIRST.</p> <p>b. The four TLP labels are: TLP:RED, TLP:AMBER, TLP:GREEN, and TLP:CLEAR. In written form, they MUST not contain spaces and SHOULD be in capitals. TLP labels MUST remain in their original form, even when used in other languages: content can be translated, but the labels cannot.</p> <p>c. TLP provides a simple and intuitive schema for indicating with whom potentially sensitive information can be shared. TLP is not a formal classification scheme. TLP was not designed to handle licensing terms, nor information handling or encryption rules. TLP labels and their definitions are not intended to have any effect on freedom of information or “sunshine” laws in any jurisdiction.</p> <p>d. TLP is optimized for ease of adoption, human readability and person-to-person sharing; it may be used in automated information exchange systems, such as <a href="https://www.misp-project.org">MISP</a> or <a href="https://www.first.org/iep/">IEP</a>.</p> <p>e. TLP is distinct from the Chatham House Rule, but may be used in conjunction when appropriate. When a meeting is held under the Chatham House Rule, participants are free to use the information received, but neither the identity nor the affiliation of the speaker(s), nor that of any other participant, may be revealed.</p> <p>f. <strong>The source is responsible for ensuring that recipients of TLP-labeled information understand and can follow TLP sharing guidance.</strong></p> <p>g. <strong>The source is at liberty to specify additional sharing restrictions. These must be adhered to by recipients.</strong></p> <p>h. <strong>If a recipient needs to share information more widely than indicated by the TLP label it came with, they must obtain explicit permission from the source.</strong></p> <h3 id="Usage">2. Usage</h3> <p>a. <strong>How to use TLP in messaging (such as email and chat)</strong><br /> TLP-labeled messaging MUST indicate the TLP label of the information, as well as any additional restrictions, directly prior to the information itself. The TLP label SHOULD be in the subject line of email. Where needed, also make sure to designate the end of the text to which the TLP label applies.</p> <p>b. <strong>How to use TLP in documents</strong>   TLP-labeled documents MUST indicate the TLP label of the information, as well as any additional restrictions, in the header and footer of each page. The TLP label SHOULD be in <strong>12-point type or greater</strong> for users with low vision. It is recommended to right-justify TLP labels.</p> <p>c. <strong>How to use TLP in automated information exchanges</strong> TLP usage in automated information exchanges is not defined: this is left to the designers of such exchanges, but MUST be in accordance with this standard.</p> <p>d. <strong>TLP color-coding in RGB, CMYK and Hex</strong></p> <table class="table-tlp" border="1" cellspacing="0" cellpadding="0"> <tr> <td rowspan="2"></td> <td class="bg-blue" colspan="3">RGB:<br>font</td> <td class="bg-blue" colspan="3">RGB:<br>background</td> <td class="bg-green" colspan="4">CMYK:<br>font</td> <td class="bg-green" colspan="4">CMYK:<br>background</td> <td class="bg-amber" rowspan="2">Hex:<br>font</td> <td class="bg-amber" rowspan="2">Hex:<br>background</td> </tr> <tr> <td class="bg-blue">R</td> <td class="bg-blue">G</td> <td class="bg-blue">B</td> <td class="bg-blue">R</td> <td class="bg-blue">G</td> <td class="bg-blue">B</td> <td class="bg-green">C</td> <td class="bg-green">M</td> <td class="bg-green">Y</td> <td class="bg-green">K</td> <td class="bg-green">C</td> <td class="bg-green">M</td> <td class="bg-green">Y</td> <td class="bg-green">K</td> </tr> <tr> <td><strong class="tlp-red">TLP:RED</strong></td> <td class="bg-blue">255</td> <td class="bg-blue">43</td> <td class="bg-blue">43</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-green">0</td> <td class="bg-green">83</td> <td class="bg-green">83</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">100</td> <td class="bg-amber">#FF2B2B</td> <td class="bg-amber">#000000</td> </tr> <tr> <td><strong class="tlp-amber">TLP:AMBER</strong></td> <td class="bg-blue">255</td> <td class="bg-blue">192</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-green">0</td> <td class="bg-green">25</td> <td class="bg-green">100</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">100</td> <td class="bg-amber">#FFC000</td> <td class="bg-amber">#000000</td> </tr> <tr> <td><strong class="tlp-green">TLP:GREEN</strong></td> <td class="bg-blue">51</td> <td class="bg-blue">255</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-green">79</td> <td class="bg-green">0</td> <td class="bg-green">100</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">100</td> <td class="bg-amber">#33FF00</td> <td class="bg-amber">#000000</td> </tr> <tr> <td><strong class="tlp-clear">TLP:CLEAR </strong></td> <td class="bg-blue">255</td> <td class="bg-blue">255</td> <td class="bg-blue">255</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-blue">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">0</td> <td class="bg-green">100</td> <td class="bg-amber">#FFFFFF</td> <td class="bg-amber">#000000</td> </tr> </table> <style type="text/css"> .table-tlp{width:100%;max-width:70em;border:0.5px solid #666;} .table-tlp td {padding: 0.5em;line-height:1.5em;border:0.5px solid #666;background:#eeeeee;} .table-tlp .bg-blue {background:#dbe5f1} .table-tlp .bg-green {background:#ebf1dd} .table-tlp .bg-amber {background:#fdeada} strong.tlp-clear, span.tlp-clear {font-size: 1.25em;display: inline-block;padding-left: .15em;padding-right: .15em;} strong.tlp-clear, span.tlp-clear, .tlp-clear .tlp, .tlp-clear .tlp::before {color: #fff;background: #000;} strong.tlp-red, span.tlp-red, .tlp-red .tlp, .tlp-red .tlp::before {color: #FF2B2B !important;} .tlp-white .tlp::before, .tlp-white.icon::before {content: ' TLP:CLEAR ';white-space:pre;font-weight:bold;} </style> <p>Note on color-coding: when there is too little color contrast between text and background, those with low vision struggle to read text or cannot see it at all. TLP is designed to accommodate those with low vision. Sources SHOULD adhere to the TLP color-coding to ensure enough color contrast for such readers.</p> <h3 id="TLP-definitions">3. TLP definitions</h3> <p><strong>Community:</strong> Under TLP, a <em>community</em> is a group who share common goals, practices, and informal trust relationships. A community can be as broad as all cybersecurity practitioners in a country (or in a sector or region).</p> <p><strong>Organization:</strong> Under TLP, an <em>organization</em> is a group who share a common affiliation by formal membership and are bound by common policies set by the organization. An organization can be as broad as all members of an information sharing organization, but rarely broader.</p> <p><strong>Clients:</strong> Under TLP, clients are those people or entities that receive cybersecurity services from an <em>organization</em>. Clients are by default included in TLP:AMBER so that the recipients may share information further downstream in order for clients to take action to protect themselves. For teams with national responsibility this definition includes stakeholders and constituents.</p> <p>a. <strong class="tlp-red">TLP:RED</strong> = For the eyes and ears of <em>individual</em> recipients only, no further disclosure. Sources may use TLP:RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organizations involved. Recipients may therefore not share TLP:RED information with anyone else. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting.</p> <p>b. <strong class="tlp-amber">TLP:AMBER</strong> = Limited disclosure, recipients can only spread this on a need-to-know basis within their <em>organization</em> and its <em>clients</em>. Note that <strong class="tlp-amber">TLP:AMBER+STRICT</strong> restricts sharing to the <em>organization</em> only. Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organizations involved. Recipients may share TLP:AMBER information with members of their own organization and its clients, but only on a need-to-know basis to protect their organization and its clients and prevent further harm. Note: if the source wants to restrict sharing to the organization <strong>only</strong>, they must specify TLP:AMBER+STRICT.</p> <p>c. <strong class="tlp-green">TLP:GREEN</strong> = Limited disclosure, recipients can spread this within their community. Sources may use TLP:GREEN when information is useful to increase awareness within their wider community. Recipients may share TLP:GREEN information with peers and partner organizations within their community, but not via publicly accessible channels. TLP:GREEN information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.</p> <p>d. <strong class="tlp-clear"> TLP:CLEAR </strong> = Recipients can spread this to the <em>world</em>, there is no limit on disclosure. Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:CLEAR information may be shared without restriction.</p> <hr /> <p>Notes:<br />  1. This document uses MUST and SHOULD as defined by <a href="https://tools.ietf.org/html/rfc2119">RFC-2119</a>.<br />  2. Comments or suggestions on this document can be sent to <a href="mailto:tlp-sig@first.org">tlp-sig@first.org</a>.</p></div></div><div id="navbar" data-studio="CU52CV1W8g"><div id="c4" data-studio="Yu8FjCC11g"><ul class="navbar"><li><a href="/standards">Standards &amp; Publications</a><ul><li><a href="/standards">Standards</a><ul><li><a href="/cvss">Common Vulnerability Scoring System (CVSS-SIG)</a></li><li><a href="/tlp">Traffic Light Protocol (TLP)</a><ul><li><a href="/tlp/use-cases">TLP Use Cases</a></li></ul></li><li><a href="/standards/frameworks/">Service Frameworks</a><ul><li><a href="/standards/frameworks/csirts">CSIRT Services Framework</a></li><li><a href="/standards/frameworks/psirts">PSIRT Services Framework</a></li></ul></li><li><a href="/iep">Information Exchange Policy (IEP)</a><ul><li><a href="/iep/iep_framework_2_0">IEP 2.0 Framework</a></li><li><a href="/iep/iep-json-2_0">IEP 2.0 JSON Specification</a></li><li><a href="/iep/iep-polices">Standard IEP Policies</a><ul><li><a href="https://www.first.org/iep/2.0/first-tlp-iep.iepj">IEP TLP Policy File</a></li><li><a href="https://www.first.org/iep/2.0/first-unknown-iep.iepj">IEP Unknown Policy File</a></li></ul></li><li><a href="/iep/iep_v1_0">IEP 1.0 Archive</a></li></ul></li><li><a href="/global/sigs/passive-dns">Passive DNS Exchange</a></li><li><a href="/epss">Exploit Prediction Scoring System (EPSS)</a></li></ul></li><li><a href="/resources/papers">Publications</a></li></ul></li></ul></div></div><div id="sidebar" data-studio="CU52CV1W8g"><div id="c5" data-studio="Yu8FjCC11g" class="h3labels subbox downloads"><h3 id="TLP-SIG-at-FIRST">TLP-SIG at FIRST</h3> <p>The <a href="/global/sigs/tlp">FIRST Traffic Light Protocol Special Interest Group (TLP-SIG)</a> governs the standard definition of TLP for the benefit of the worldwide CSIRT community and its operational partners. Comments or suggestions on the standard can be sent to <a href="mailto:tlp-sig@first.org">tlp-sig@first.org</a>.</p></div><div id="c6" data-studio="Yu8FjCC11g" class="h3labels subbox downloads"><h3 id="Downloads">Downloads</h3> <p>TLP Standards Definitions and Usage Guidance — Version 2.0 is available as:</p> <ul> <li><span class="flag flag-gb" title="English">TLP v2.0 - English</span> <ul> <li><a href="/tlp/docs/tlp-a4.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/tlp-letter.pdf">PDF Format (Letter)</a></li> <li><a href="/tlp/docs/tlp.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-br" title="Brazilian Portuguese">TLP v2.0 - Brazilian Portuguese</span> <ul> <li><a href="/tlp/docs/v2/tlp-pt-br.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-pt-br.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-cn" title="Chinese">TLP v2.0 - Chinese</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2_cn.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2_cn.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-cz" title="Czech">TLP v2.0 - Czech</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2-cz.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2-cz.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-nl" title="Dutch">TLP v2.0 - Dutch</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2-nl.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2-nl.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-fr" title="French">TLP v2.0 - French</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2-fr.pdf">v2.0 PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2-fr.rtf">v2.0 RTF Format</a></li> </ul></li> <li><span class="flag flag-gr" title="Greek">TLP v2.0 - Greek</span> <ul> <li><a href="/tlp/docs/v2/TLP-v2.0-Greek.pdf">v2.0 PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/TLP-v2.0-Greek.rtf">v2.0 RTF Format</a></li> </ul></li> <li><span class="flag flag-jp" title="Japanese">TLP v2.0 - Japanese</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2_ja.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2_ja.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-no" title="Norwegian">TLP v2.0 - Norwegian</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2-no.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2-no.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-ro" title="Romanian">TLP v2.0 - Romanian</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2-ro.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2-ro.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-es" title="Spanish">TLP v2.0 - Spanish</span> <ul> <li><a href="/tlp/docs/v2/TLP-ESv4.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/TLP-ESv4.rtf">RTF Format</a></li> </ul></li> <li><span class="flag flag-se" title="Swedish">TLP v2.0 - Swedish</span> <ul> <li><a href="/tlp/docs/v2/tlp-v2-se.pdf">PDF Format (A4)</a></li> <li><a href="/tlp/docs/v2/tlp-v2-se.rtf">RTF Format</a></li> </ul></li> <li><a href="/tlp/v1">TLP v1.0 (Deprecated August 2022)</a></li> </ul> <h5>Other downloads:</h5> <ul> <li><a href="/tlp/docs/v2/FirstTLP-PosterA4-CMYK-30m.pdf">TLP Posters (A4)</a></li> </ul></div></div><footer><div id="footer" data-studio="CU52CV1W8g"><div id="c2" data-studio="Yu8FjCC11g"><div class="content"> <div class="support"> <div class="kbsearch bottom"> <p><a href="https://support.first.org"><img src="/_/img/icon-portal_support.svg" alt="FIRST Support" title="FIRST Support" /></a> <input class="kb-search" type="search" placeholder="Do you need help?"></p> </div> </div> <div id="socialnetworks"><a href="/about/sdg" title="FIRST Supported Sustainable Development Goals (SDG)" class="icon-sdg"></a><a rel="me" href="https://infosec.exchange/@firstdotorg" target="_blank" title="@FIRSTdotOrg@infosec.exchange" class="icon-mastodon"></a><a href="https://twitter.com/FIRSTdotOrg" target="_blank" title="Twitter @FIRSTdotOrg" class="icon-tw"></a><a href="https://www.linkedin.com/company/firstdotorg" target="_blank" title="FIRST.Org at LinkedIn" class="icon-linkedin"></a><a href="https://www.facebook.com/FIRSTdotorg" target="_blank" title="FIRST.Org at Facebook" class="icon-fb"></a><a href="https://github.com/FIRSTdotorg" target="_blank" title="FIRST.Org at Github" class="icon-github"></a><a href="https://www.youtube.com/c/FIRSTdotorg" target="_blank" title="FIRST.Org at Youtube" class="icon-youtube"></a><a href="/podcasts" title="FIRST.Org Podcasts" class="icon-podcast"></a></div> <p><a href="/copyright">Copyright</a> © 2015—2024 by Forum of Incident Response and Security Teams, Inc. All Rights Reserved.</p> </div> <p><span class="tlp"></span></p></div></div></footer><script nonce="dy0q5x1QhCmcDphc2_FS0A" async="async" src="/_/web.js?20241125212614"></script><script nonce="dy0q5x1QhCmcDphc2_FS0A" async="async" src="/_/s.js?20241125-212616"></script></body></html>

Pages: 1 2 3 4 5 6 7 8 9 10