A New Version of the Standard for Information Classification

FIRST (Forum of incident response and security teams), the largest global organization of more than 650 security teams, which publishes and maintains several cybersecurity standards, published a new version of the Traffic Light Protocol (abbreviated as TLP) on 2 August 2022. It is a method of information classification that was created to make information sharing easier. TLP is a set of labels used to ensure that sensitive information is shared with appropriate recipients. It uses four labels that are individually marked with a different colour, and thus indicate sharing boundaries. TLP is the most widely used method for classification of unclassified information in the security community. Although it is a protocol with clear and simple rules, it is also subject to evolution and improvement.

A new version of TLP, TLP 2.0, introduces a number of changes in the labelling of information as well as in the definition of terms:

  • TLP:WHITE has been changed to TLP:CLEAR
  • TLP:AMBER has been joined by TLP:AMBER+STRICT, which is limited to sharing only within the organization (information labelled TLP:AMBER is intended for both the organization and its clients)
  • definitions of community, organization and clients have been added
  • community – a group that shares common goals, practices and informal trust relationships. For example, a community can be as broad as all cybersecurity practitioners in a country (or in a sector or region).
  • organization – a group, defined by common affiliation through formal membership or a working contract, bound by common principles/rules set by that organization. An organization can be as broad as all members/employees of the organization; information is typically shared only within a part of the organization.
  • clients – people or entities that receive cybersecurity services from the organization. As for teams with national responsibility, this definition includes stakeholders (constituency).
  • RGB, CMYK and HEX colour-coding have been added for all TLP labels. The colour for TLP:RED has been modified for better readability.

For all those who use TLP, the rule is that they can use the old version of TLP until the end of 2022. So, they have enough time to implement a new version of the protocol.

The National Cyber Security Centre SK-CERT implements a new version of TLP when labelling shared information. At the same time, it will prepare a Slovak translation of the specification document.

The specification document for TLP can be found at https://www.first.org/tlp/.


« Späť na zoznam