SOCRadar® Cyber Intelligence Inc. | Traffic Light Protocol is Updated to Version 2.0


Aug 10, 2022
4 Mins Read

Traffic Light Protocol is Updated to Version 2.0

The Forum of Incident Response and Security Teams (FIRST) has shared an update for Traffic Light Protocol (TLP), denominating the latest version as “TLP 2.0.” According to FIRST, TLP 2.0 is planning to be fully adopted by January 2023.

The former version, released in 2015, there have been no updates since. In 2019, 50+ security professionals found FIRST TLP- Special Interest Group (SIG) to improve the former version’s content, language, supporting materials, and accessibility. After years of study, TLP 2.0 was drafted on 5 August.

What is Traffic Light Protocol?

TLP aims to regulate information traffic to ensure that sensitive information is delivered only to the right audience. TLP uses definitions to classify information so that boundaries of the information are designated. The secondary aim of TLP is to be understandable and globally applicable to many other information exchange standards. 

The information can be shared via e-mail, chat message, or document. Either way, TLP should be appropriately labeled to indicate the information’s classification. In version 2.0, TLP has four types of labels for information to be exchanged. Those are red, amber, green, and straightforward.

What are TLP 2.0 Definitions?

In the new update, there are two significant changes in the definitions. TLP: WHITE is altered to TLP: CLEAR, and TLP: AMBER+STRICT is added to define a border that allows for the organizational spread of the information. Regarding the new updates, TLP 2.0 definitions are,

TLP: RED Only for the people who are sharing the information only. TLP: RED restricts any further information sharing. This label is preferred for the most sensitive information.

TLP: AMBER Restricts the spread of the information to who is needed to know. The audience may be in the organization or outside of the organization. FIRST defines the boundary outside of the organization as “clients.” When the information is needed to be kept in the organization. TLP: AMBER+STRICT is used to specify that situation.

TLP: GREEN The information can be spread within a community of the target organization. Including other organizations or people in the industry. Yet still, this information cannot be shared with the public.

TLP: CLEAR No restrictions on the spread of the information. The information can be shared with the public. However, copyright rules need to be applied to the information if required.

Community: corresponds to a group that shares common goals, practices, and informal trust relationships. Such as individuals or organizations in an industry.

Clients: corresponds to other individuals or organizations that have been serviced. If applicable, the term clients also cover stakeholders and constituents.

Organization: Defines a formally formed group of individuals that pursue the same goals and are subject to standard policies.

What Other Updates were Done in TLP 2.0?

Aside from the updates in the part of the definition, usage of the TLP is re-stated for messaging & document transfer. Also, FIRST claims TLP can be used in automated information exchange systems, yet FIRST didn’t define a standard for these systems in TLP 2.0.

The messaging and document transfer updates standardize a visible and simple labeling procedure. Finally, FIRST also shares a color code table in TLP 2.0, including RGB, CMYK, and Hex codes for the label’s colors.

New Traffic Light Protocol shared by the FIRST
New Traffic Light Protocol shared by the FIRST

For the last few years, an older version of TLP has been utilized to define a common standard for regulating information transfer between organizations and individuals. TLP 2.0 aims to enhance the older version’s language, content, and definitions.