The Forum of Security and Incident Response Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light Protocol (TLP), five years after version 1.0 was released.
The Traffic Light protocol is a set of symbols for marking confidential information in order to indicate the audience for its further distribution. Information is marked with one of four colors, its “color” is usually indicated in the headers and footers of the document using an inscription like: “TLP: Color”.
Changes in the new version of the TLP protocol:
TLP 2.0 replaces TLP:WHITE marking with TLP:CLEAR;
Added additional TLP marking: AMBER+STRICT, further restricting the dissemination of information within the organization.
Also, in the new version of the protocol, the descriptions of existing markings have become more accurate and understandable. Now they look like this:
- TLP:RED is highly sensitive information intended only for the eyes and ears of specific recipients.
- TLP:AMBER – restricted information. Recipients may distribute information under this label only on a “need to know” basis within their organization and its clients.
- TLP:AMBER+STRICT – information under this marking can only be distributed within the organization.
- TLP:GREEN – restricted information. Recipients can only distribute it within their own community.
- TLP:CLEAR – distribution of information under this marking is not limited in any way. Recipients can distribute information around the world.
The FIRST co-chair stated that TLP version 2.0 is even more understandable and user-friendly than its predecessor. The new version of the protocol is simple, easy to use and understandable in all languages.