The Traffic Light Protocol (TLP) is
a set of designations used to ensure that sensitive information is shared with
the correct audience. It employs four colors to indicate different degrees of
sensitivity and the corresponding sharing considerations to be applied by the
recipient(s).
Red:
When
should it be used?
Sources may use TLP:
RED when information cannot be effectively acted upon by additional parties,
and could lead to impacts on a party's privacy, reputation, or operations if
misused.
How
may it be shared?
Recipients may not
share TLP: RED information with any parties outside of the specific exchange,
meeting, or conversation in which it is originally disclosed.
Amber:
When
should it be used?
Sources may use TLP:
AMBER when information requires support to be effectively acted upon, but
carries risks to privacy, reputation, or operations if shared outside of the
organizations involved.
How
may it be shared?
Recipients may only
share TLP: AMBER information with members of their own organization who need to
know, and only as widely as necessary to act on that information.
Green:
When
should it be used?
Sources may use TLP:
GREEN when information is useful for the awareness of all participating
organizations as well as with peers within the broader community or sector.
How
may it be shared?
Recipients may share
TLP: GREEN information with peers and partner organizations within their sector
or community, but not via publicly accessible channels.
White:
When
should it be used?
Sources may use TLP:
WHITE when information carries minimal or no foreseeable risk of misuse, in
accordance with applicable rules and procedures for public release.
How
may it be shared?
TLP: WHITE
information may be distributed without restriction, subject to copyright
controls.
