Upgrade Your Traffic Light Protocol – Move to TLP 2.0!

Although a new version of the TLP standard has been available for a longer time (the National Cyber Security Centre SK-CERT already published the relevant article in August), not all organizations have adopted these changes into their processes.

The National Cyber Security Centre SK-CERT (hereinafter referred to as “NCSC SK-CERT”) therefore appeals to all those who use the Traffic Light Protocol (TLP) for information classification to implement a new version of this standard, marked as TLP 2.0. NCSC SK-CERT also encourages those who do not use this protocol at all to start using it due to better protection of information and better distribution of information.

There is no need to wait with the transition to the new version of TLP 2.0. Quite the opposite, in order not to prolong the current situation where both formats are used simultaneously in communication, NCSC SK-CERT recommends ensuring the transition no later than 1 December 2022. This will contribute to better communication comfort within the entire security community.

What is new in the standard?

 TLP 2.0 brings the following improvements:

• TLP:WHITE has been changed to TLP:CLEAR
• TLP:AMBER has been joined by TLP:AMBER+STRICT, which is limited to sharing only within the organization (information labelled TLP:AMBER is intended for both the organization and its clients)
• definitions of community, organization and clients have been added
• community – a group that shares common goals, practices and informal trust relationships. For example, a community can be as broad as all cybersecurity practitioners in a country (or in a sector or region).
• organization – a group, defined by common affiliation through formal membership or a working contract, bound by common principles/rules set by that organization. An organization can be as broad as all members/employees of the organization; information is typically shared only within a part of the organization.
• clients – people or entities that receive cybersecurity services from the organization. As for teams with national responsibility, this definition includes stakeholders (constituency).
• RGB, CMYK and HEX colour-coding have been added for all TLP labels. The colour for TLP:RED has been modified for better readability.

What problem is solved by TLP

If you publish, share, communicate, or just forward any information that may be potentially sensitive in nature, you have certainly faced the question of how to easily and concisely express

• the sensitivity of the information being shared,
• further usage or dissemination by the recipient.

And that is exactly what TLP is used for, allowing convenient and easy labelling of shared information. Simply attach one of the coloured “labels” to the message, which indicate the boundaries for the recipient in relation to further dissemination of the information. They are the following:

TLP:RED, TLP:AMBER, TLP:AMBER+STRICT, TLP:GREEN and TLP:CLEAR.

The meaning of the labels is intuitively clear even to a layman and their uniform use simplifies the recipient’s handling of received information.

For a precise interpretation and rules of use, NCSC SK-CERT recommends to visit the following links for further information on TLP issue:

• https://www.first.org/tlp/ – Standardisation document TLP 2.0
• https://www.sk-cert.sk/en/about-us/information-protection/index.html – rules to follow when using TLP in Slovak language

 

« Späť na zoznam