Traffic Light Protocol

Last updated

The Traffic Light Protocol (TLP) is a system for classifying sensitive information created in the early 2000s by the UK Government's National Infrastructure Security Co-ordination Centre, in order to encourage greater sharing of sensitive information. [1]

Contents

The fundamental concept is for the originator to signal how widely they want their information to be circulated beyond the immediate recipient. It is designed to improve the flow of information between individuals, organizations or communities in a controlled and trusted way. It is important that everyone who handles TLP-labeled communications understands and obeys the rules of the protocol. Only then can trust be established and the benefits of information sharing realized. The TLP is based on the concept of the originator labeling information with one of four colors to indicate what further dissemination, if any, can be undertaken by the recipient. The recipient must consult the originator if wider dissemination is required.

A number of current specifications for TLP exist.

Summary of TLP's four colours and their meanings

There are four colors (or traffic lights): [7]

In the context of a meeting, for example, RED information is limited to those present at the meeting. The distribution of RED information will generally be via a defined list and in extreme circumstances may only be passed verbally or in person.
The recipient may share AMBER information with others within their organization and their clients, but only on a ‘need-to-know’ basis. The originator may be expected to specify the intended limits of that sharing.
 AMBER+STRICT , introduced in TLP version 2.0, restricts sharing to the organisation only. [8]
Information in this category can be circulated widely within a particular community. However, the information may not be published or posted publicly on the Internet, nor released outside of the community. Note: when “community” is not defined, assume the cybersecurity/defense community.
Subject to standard copyright rules, CLEAR/WHITE information may be distributed freely, without restriction.

In practice, one will indicate a document's classification with the acronym "TLP", followed by a colon and classification level, for example: "TLP:RED".

See also

Related Research Articles

ISO/IEC 7816 is an international standard related to electronic identification cards with contacts, especially smart cards, and more recently, contactless mobile devices, managed jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

X.400 is a suite of ITU-T recommendations that define the ITU-T Message Handling System (MHS).

Information technology service management (ITSM) are the activities performed by an organization to design, build, deliver, operate and control IT services offered to customers.

The United States Computer Emergency Readiness Team (US-CERT) was a team under the Cybersecurity and Infrastructure Security Agency of the Department of Homeland Security.

Information security standards are techniques generally outlined in published materials that attempt to protect a user's or organization's cyber environment. This environment includes users themselves, networks, devices, all software, processes, information in storage or transit, applications, services, and systems that can be connected directly or indirectly to networks.

<span class="mw-page-title-main">Standard of Good Practice for Information Security</span>

The Standard of Good Practice for Information Security (SOGP), published by the Information Security Forum (ISF), is a business-focused, practical and comprehensive guide to identifying and managing information security risks in organizations and their supply chains.

<span class="mw-page-title-main">OSSIM</span> Security information and event management system

OSSIM (Open Source Security Information Management) is an open source security information and event management system, integrating a selection of tools designed to aid network administrators in computer security, intrusion detection and prevention.

ISO/IEC 27002 is an information security standard published by the International Organization for Standardization (ISO) and by the International Electrotechnical Commission (IEC), titled Information security, cybersecurity and privacy protection — Information security controls.

The ISO/IEC 27000 family comprises information security standards published jointly by the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC).

Information technology risk, IT risk, IT-related risk, or cyber risk is any risk relating to information technology. While information has long been appreciated as a valuable and important asset, the rise of the knowledge economy and the Digital Revolution has led to organizations becoming increasingly dependent on information, information processing and especially IT. Various events or incidents that compromise IT in some way can therefore cause adverse impacts on the organization's business processes or mission, ranging from inconsequential to catastrophic in scale.

The EINSTEIN System is a network intrusion detection and prevention system that monitors the networks of US federal government departments and agencies. The system is developed and managed by the Cybersecurity and Infrastructure Security Agency in the United States Department of Homeland Security (DHS).

ISO/IEC JTC 1/SC 27 Information security, cybersecurity and privacy protection is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). ISO/IEC JTC 1/SC 27 develops International Standards, Technical Reports, and Technical Specifications within the field of information security. Standardization activity by this subcommittee includes general methods, management system requirements, techniques and guidelines to address information security, cybersecurity and privacy. Drafts of International Standards by ISO/IEC JTC 1 or any of its subcommittees are sent out to participating national standardization bodies for ballot, comments and contributions. Publication as an ISO/IEC International Standard requires approval by a minimum of 75% of the national bodies casting a vote. The international secretariat of ISO/IEC JTC 1/SC 27 is the Deutsches Institut für Normung (DIN) located in Germany.

Indicator of compromise (IoC) in computer forensics is an artifact observed on a network or in an operating system that, with high confidence, indicates a computer intrusion.

ISO/IEC JTC 1/SC 29, entitled Coding of audio, picture, multimedia and hypermedia information, is a standardization subcommittee of the Joint Technical Committee ISO/IEC JTC 1 of the International Organization for Standardization (ISO) and the International Electrotechnical Commission (IEC). It develops and facilitates international standards, technical reports, and technical specifications within the field of audio, picture, multimedia, and hypermedia information coding. SC 29 includes the well-known JPEG and MPEG experts groups, and the standards developed by SC 29 have been recognized by nine Emmy Awards.

<span class="mw-page-title-main">Cybersecurity Information Sharing Act</span>

The Cybersecurity Information Sharing Act is a United States federal law designed to "improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes". The law allows the sharing of Internet traffic information between the U.S. government and technology and manufacturing companies. The bill was introduced in the U.S. Senate on July 10, 2014, and passed in the Senate on October 27, 2015. Opponents question CISA's value, believing it will move responsibility from private businesses to the government, thereby increasing vulnerability of personal private information, as well as dispersing personal private information across seven government agencies, including the NSA and local police.

Storage security is a specialty area of security that is concerned with securing data storage systems and ecosystems and the data that resides on these systems.

The Open Trusted Technology Provider Standard (O-TTPS) is a standard of The Open Group that has also been approved for publication as an Information Technology standard by the International Organization of Standardization and the International Electrotechnical Commission through ISO/IEC JTC 1 and is now also known as ISO/IEC 20243:2015. The standard consists of a set of guidelines, requirements, and recommendations that align with best practices for global supply chain security and the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products. It is currently in version 1.1. A Chinese translation has also been published.

The NIST Cybersecurity Framework (CSF) is a set of voluntary guidelines designed to help organizations assess and improve their ability to prevent, detect, and respond to cybersecurity risks. Developed by the U.S. National Institute of Standards and Technology (NIST), the framework was initially published in 2014 for critical infrastructure sectors but has since been widely adopted across various industries, including government and private enterprises globally. The framework integrates existing standards, guidelines, and best practices to provide a structured approach to cybersecurity risk management.

Cybersecurity engineering is a tech discipline focused on the protection of systems, networks, and data from unauthorized access, cyberattacks, and other malicious activities. It applies engineering principles to the design, implementation, maintenance, and evaluation of secure systems, ensuring the integrity, confidentiality, and availability of information.

References

  1. Eric Luiijf; Allard Kernkamp (March 2015). "Sharing Cyber Security Information" (PDF). Global Conference on CyberSpace 2015. Toegepast Natuurwetenschappelijk Onderzoek. Retrieved 2016-10-25.
    Don Stikvoort (11 November 2009). "ISTLP - Information Sharing Traffic Light Protocol" (PDF). Trusted Introducer. National Infrastructure Security Co-ordination Centre . Retrieved 2016-10-25.
    "Development of Policies for Protection of Critical Information Infrastructures" (PDF). Organisation for Economic Co-operation and Development . Retrieved 2015-11-19.
    "'Re: OpenSSH security advisory: cbc.adv' - MARC". Mailing list ARChive . Retrieved 2012-11-25. (alt source SecurityFocus archive entry)
  2. "ISO/IEC 27010:2015 [ISO/IEC 27010:2015] | Information technology — Security techniques — Information security management for inter-sector and inter-organizational communications". International Organization for Standardization/International Electrotechnical Commission. November 2015. Retrieved 2019-12-31.
  3. 1 2 "FIRST announces Traffic Light Protocol (TLP) version 1.0". Forum of Incident Response and Security Teams . 2016-08-31. Archived from the original on 2024-06-26. Retrieved 2024-08-10.
  4. "FIRST Releases Traffic Light Protocol Version 2.0 with important updates". Forum of Incident Response and Security Teams . 2022-08-05. Archived from the original on 2024-07-21. Retrieved 2024-07-21.
  5. "Traffic Light Protocol (TLP) Definitions and Usage". CISA Central. Cybersecurity and Infrastructure Security Agency. 2022-08-16. Archived from the original on 2024-08-10. Retrieved 2024-08-10.
  6. "CISA Upgrades to TLP 2.0". Cybersecurity and Infrastructure Security Agency . 2022-11-01. Archived from the original on 2024-08-10. Retrieved 2024-08-10.
  7. "Traffic Light Protocol". Centre for Critical Infrastructure Protection. Archived from the original on 2013-02-05. Retrieved 2012-11-25.
  8. "FIRST Traffic Light Protocol version 2.0" (PDF).
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.