The Traffic Light Protocol (TLP)

Like other cyber emergency teams, CERT.be uses the Traffic Light Protocol or TLP.

The protocol was created to control and encourage sharing of information.

What is TLP?

The protocol requires the originator of information to label it with a color. This color indicates what further dissemination, if any, can take place. If a recipient thinks wider distribution is needed, the recipient must get the approval of the originator before doing so.

Why use TLP?

CERT.be works closely with different agencies, international governments, and private-sector organisations to coordinate cyber incident identification and response. TLP provides a simple and intuitive schema for indicating when and how sensitive cybersecurity information can be shared within the global cybersecurity community of practice, encouraging more frequent and effective collaboration between CERT.be and its partners.

Who else uses TLP?

In addition to CERT.be, TLP is employed by public- and private-sector organisations worldwide.

The colors and their meanings are:

RED - Information exclusively intended for direct recipients.
For example: people present in a meeting, a direct recipient of an SMS, e-mail or mail.
AMBER - Information for an organisation, possibly limited to certain persons in the organisation.
For example: information may be shared with others within the recipient’s organisation, on a need-to-know basis. The originator may specify limits to the sharing.
GREEN - Information for a community, not to be circulated via the internet.
For example: sharing of information within a specific sector without publishing the info on the internet or releasing the info outside this sector.
WHITE - Information that can be freely circulated as long as no law is contravened (e.g. copyright law).