Traffic light protocol

The traffic light protocol (TLP) is a set of designations used to ensure that sensitive information is shared with the correct audience.

It employs four colours to indicate different degrees of sensitivity and the corresponding sharing considerations to be applied by the recipient(s).

Red

When should it be used?

Sources may use TLP: RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organisations involved.

How may it be shared?

TLP: RED information is for the eyes and ears of individual recipients only, no further disclosure.

Amber+Strict

When should it be used?

Sources may use TLP: AMBER+STRICT when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organisations involved.

How may it be shared?

Recipients may share TLP: AMBER+STRICT information with members of their own organisation, but only on a need-to-know basis to protect their organisation and prevent further harm.

Amber

When should it be used?

Sources may use TLP: AMBER when information requires support to be effectively acted upon, yet carries risk to privacy, reputation, or operations if shared outside of the organisations and clients involved.

How may it be shared?

Recipients may share TLP: AMBER information with members of their own organisation and its clients, but only on a need-to-know basis to protect their organisation and its clients and prevent further harm.

Green

When should it be used?

Sources may use TLP: GREEN when information is useful to increase awareness within their wider community.

How may it be shared?

Recipients may share TLP: GREEN information with peers and partner organisations within their community, but not via publicly accessible channels. TLP: GREEN information may not be shared outside of the community. Note: when “community” is not defined, assume the cybersecurity/defence community.

Clear

TLP:CLEAR was previously referred to as TLP:WHITE. 

When should it be used?

Sources may use TLP: CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

How may it be shared?

TLP: CLEAR information may be distributed without restriction, subject to copyright controls.

Using TLP

The source of any information to be handled according to TLP should label the information with the correct TLP colour to indicate how widely that information may be disseminated. This is usually done by including 'TLP: [Colour]' in unambiguous text in the header and footer of the document. If a recipient needs to share the information more widely than indicated by the original TLP designation, they must refer back to the original source.