Privacy Ninja

New Traffic Light Protocol Standard Released After Five Years

New Traffic Light Protocol Standard Released After Five Years

The Forum of Incident Response and Security Teams (FIRST) has published TLP 2.0, a new version of its Traffic Light Protocol (TLP) standard, five years after the release of the initial version.

The TLP standard is used in the computer security incident response team (CSIRT) community to facilitate the greater sharing of sensitive information.

It also indicates any sharing limitations recipients have to consider when communicating potentially sensitive info with others.

“TLP provides a simple and intuitive schema for indicating with whom potentially sensitive information can be shared,” FIRST says.

“TLP labels and their definitions are not intended to have any effect on freedom of information or ‘sunshine’ laws in any jurisdiction.”

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

With the updated standard, FIRST maintains the rule that the source of information should communicate the TLP label in writing or verbally, depending on the TLP designation.

Information sources are also required to ensure that recipients of TLP-labeled info understand and abide by the TLP sharing guidance.

Changes in the new TLP 2.0 standard

Compared to TLP 1.0, TLP 2.0 replaces the TLP:WHITE label with TLP:CLEAR and adds an additional TLP: AMBER+STRICT label for an extra limited disclosure level within organizations.

Also Read: Compliance Course Singapore: Spotlight on the 3 Offerings

The new standard also clarifies the previous label description to improve human readability and make it easier to understand disclosure limitations.

FIRST also “removed synonyms and colloquialisms to improve accessibility for non-native English speakers and ease of translation, focused on consistent language and terminology, adding definitions for community, organization, and clients, and added a colors table to include RGB, CMYK, and hexadecimal color codes.”

According to FIRST, the color-coded TLP labels should be applied based on the audience that should have access to the shared sensitive information:

  • TLP:RED = For the eyes and ears of individual recipients only, no further disclosure.
  • TLP:AMBER = Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients.
  • TLP:AMBER+STRICT restricts sharing to the organization only.
  • TLP:GREEN = Limited disclosure, recipients can spread this within their community.
  • TLP:CLEAR  = Recipients can spread this to the world, there is no limit on disclosure.

When applying these TLP labels, those sharing the information should consider the foreseeable risk of its misuse, if it should be used to increase awareness in the broader community, and its impact on organization privacy, reputation, or operations.

“We are increasingly spreading more confidential and sensitive information inside our community, inside companies, inside business sectors, inside countries, and worldwide,” FIRST TLP-SIG co-chair Don Stikvoort said.

“We need systems that are easy to use, simple to understand, and straightforward enough that translation does not impact the meaning to ensure that we share sensitive information with the appropriate audience. The updated and modernized TLP version 2.0 does just that.”

Update: Added more info on TLP 2.0 highlights.



Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection


We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.


Click one of our contacts below to chat on WhatsApp

× Chat with us