Traffic Light Protocol (TLP)

From CIPedia
Revision as of 23:50, 17 July 2015 by Eluiijf (talk | contribs)
Jump to navigation Jump to search

Definitions

The Traffic Light Protocol (TLP) is a widely accepted information classification scheme used to exchange, share, and handle information by public and private parties. [1]

The Traffic Light Protocol (TLP) was created in order to encourage greater sharing of information. Information sharing is important for helping mitigate the spread of electronic attacks, improving protection through sharing best practices, and building trust between players in this field. In order to encourage the sharing of sensitive (but unclassified) information, however, the originator needs to signal how widely they want their information to be circulated beyond the immediate recipient, if at all. The TLP provides a simple method to achieve this. It is designed to improve the flow of information between individuals, organisations or communities in a controlled and trusted way. It is important that everyone understands and obeys the rules of the protocol. Only then can trust be established and the benefits of information sharing realised. The TLP is based on the concept of the originator labelling information with one of four colours to indicate what further dissemination, if any, can be undertaken by the recipient. The recipient must consult the originator if wider dissemination is required.

  • TLP RED: personal for named recipients only; most often shared orally between the set of trusted participants.
  • TLP AMBER: Limited distribution. The recipient may share AMBER information with others within their organisation, but only on a ‘need-to-know’ basis. The originator may be expected to specify the intended limits of that sharing.
  • TLP GREEN: Community wide distribution. Information in this category can be circulated widely within a particular community. However, the information may not be published or posted on the Internet, nor released outside of the community.
  • TLP WHITE: Unlimited distribution. Subject to standard copyright rules, WHITE information may be distributed freely, without restriction.

See also

Notes

  1. OECD: Development of Policies for Protection of Critical Information Infrastructures. OECD (2012)