A group who share common goals, practices, and informal trust relationships.
LP is a set of four labels used to indicate the
T
Community sharing boundaries to be applied by the recipients
community can be as broad as all cybersecurity
A
practitioners in a country (or in a sector or region).
LP provides a simple and intuitive schema for indicating
T
A group who share a common affiliation by formal membership with whom potentially sensitive information can be shared
and are bound by common policies set by the organization.
Organization Terms Intro TLP is not a formal classification scheme
An organization can be as broad as all members of an
information sharing organization, but rarely broader.
Official website www.first.org/tlp
Clients are those people or entities that receive
cybersecurity services from an organization. TLP 2.0
Clients Current version
Clients are by default included in TLP:AMBER so that the recipients may share information November 1, 2022
further downstream in order for clients to take action to protect themselves.
For the eyes and ears of individual recipients only, no further disclosure.
RGB: 255 43 43 TLP:RED
hen information cannot be effectively acted upon without significant risk
W
RGB: 255 192 0 TLP:AMBER for the privacy, reputation, or operations of the organizations involved
Color Traffic Light Protocol TLP:RED
Recipients may therefore not share TLP:RED information with anyone else
RGB: 51 255 0 TLP:GREEN
(TLP 2.0) I n the context of a meeting, for example, TLP:RED
RGB: 255 255 255 TLP:CLEAR information is limited to those present at the meeting
Brand book 21.09.2023 www.patreon.com/AndreyProzorov
MUST not contain spaces and SHOULD be in capitals
L imited disclosure, recipients can only spread this on
TLP:CLEAR a need-to-know basis within their organization and its clients.
in the header and footer TLP:AMBER
ecipients may share TLP:AMBER information with members of their
R
own organization and its clients, but only on a need-to-know basis to
of each page Documents protect their organization and its clients and prevent further harm
SHOULD be in 12-point type or greater Restricts sharing to the organization only
TLP TLP:AMBER+STRICT
Is not defined Automated new, v.2.0
I nformation
This is left to the designers of such exchange Exchanges
Limited disclosure, recipients can spread this within their community.
How to use
The TLP label SHOULD be in the subject line of email
When information is useful to increase awareness within their wider community.
Emails and Chats
Use a pinned message or rules of behavior ecipients may share TLP:GREEN information with peers and partner
R
document for standing chat channels TLP:GREEN
organizations within their community, but not via publicly accessible channels
Speakers may designate the information they are May not be shared outside of the community
communicating at a TLP level and, if needed, caveat
Verbal Discussions When “community” is not defined, assume the cybersecurity community.
Participants should assume information is
TLP:CLEAR if the speaker does not provide a designation
Recipients can spread this to the world, there is no limit on disclosure
TLP:CLEAR
TLP:WHITE TLP 1.0
