Traffic Light Protocol

The Traffic Light Protocol ( TLP ) in German about "traffic light protocol" is a standardized agreement for the exchange of information worthy of protection. It was originally developed in Great Britain by the National Infrastructure Security Co-ordination Center (NISCC), is mentioned in relevant reports by the OECD and is e.g. B. also used in Germany by the Alliance for Cyber Security (at the Federal Office for Information Security ). The TLP is used to increase security when forwarding sensitive data. All documents are divided into one of four classes, which regulate the conditions for their distribution.

Most organizations now use version 1.0 of the Traffic Light Protocol as defined by the Forum of Incident Response and Security Teams (FIRST).

background

In the daily exchange of data, sensitive or sensitive information, data and documents are always passed on. In order to prevent an unwanted flow of information to the general public, a system such as the TLP introduces clear labeling that defines the potentially permitted recipients. Violations of the regulation are often punished with the downgrading as a recipient of the "TLP: WHITE" level, because the recipient has turned out to be insufficiently trustworthy.

Over the years there has been a problem with the interoperability of the TLP, as different definitions of the TLP: AMBER level have been used in different circles. Some organizations, such as the US-CERT, defined their own organization as a transfer restriction for TLP: AMBER information. In other organizations, such as the CSIRT Taskforce (TF-CSIRT), the disclosure restriction for TLP: AMBER information was defined as its own "Constituency". As a result, a working group was established in 2015 in the international CERT umbrella organization, the Forum of Incident Response and Security Teams (FIRST), with the aim of developing a uniform definition. On August 31, 2016, the working group published an agreed standard under the name "TRAFFIC LIGHT PROTOCOL (TLP) FIRST Standards Definitions and Usage Guidance - Version 1.0". This version defines the transfer restriction for TLP: AMBER information on the basis of "knowledge only if necessary" to the own organization and to third parties ("clients and customers"), insofar as the third parties need the information in order to avoid damage to themselves. In addition, a creator of information can further restrict TLP: AMBER if he makes this clear (eg: "TLP: AMBER - only for own organization"). The recipient must then also adhere to the further restriction.

Classifications

TLP: RED : Information at this level is limited to those present in a meeting or video / audio conference or to the direct recipients in the case of written correspondence. Passing on is prohibited. Most of the time, TLP: RED information is given orally or in person.
TLP: AMBER : The recipient may pass on information of this level within his organization on the basis of "knowledge only if necessary". The recipient may also pass on the information to third parties if they need the information to protect the recipient or to reduce damage to the recipient. To do this, he must ensure that the “third parties” know the TLP and adhere to the associated rules, Traffic Light Protocol (TLP). The creator of the information can set further or additional restrictions on the transfer of information; these must be observed.
TLP: GREEN : Information at this level may be freely passed on within the organizations and to their partners. However, the information may not be published.
TLP: WHITE : Apart from copyright aspects, information of the TLP: WHITE level may be freely passed on without restrictions.

literature

Hank Prunckun: Counterintelligence - Theory and Practice ; Rowman & Littlefield; 1st edition 2012; ISBN 978-1-4422-1933-5
National center for taxation studies and University of Limerick / Ireland, edited by David O'Donnell: The Proceedings of the 10th European Conference on eGouvernment ; academic publishing 2010; ISBN 978-1-906638-62-7
British computer society: IEEE compass '95 ; 1995
Carlo Ferigato, Marcelo Masera: Design of a Platform for Information Exchange on Protection of Critical Infrastructures; Joint Research Center of the European Commission Institute for the Protection and Security of the Citizen; Springer 2008; ISBN 978-3-540-89095-9
Critical Information Infrastructure Security: Third International Workshop, CRITIS 2008, Springer 2009, ISBN 978-3-642-03551-7
Kanchana Ratnam, TT Rajkumar: IT and Information Security, SAJMMR Volume 2, Issue 5 (May, 2012) ISSN 2249-877X
US- CERT : Traffic Light Protocol (TLP) Matrix and Frequently Asked Questions

Individual evidence

↑ OECD: Development of Policies for Protection of Critical Information Infrastructures (PDF; 1.1 MB) Oecd.org. Retrieved November 25, 2012.
↑ 'Re: OpenSSH security advisory: cbc.adv' - MARC . Marc.info. Retrieved November 25, 2012.
↑ Leaflet "Traffic Light Protocol (TLP)" (PDF; 94 kB) Federal Office for Information Security. Retrieved February 6, 2017.
↑ TRAFFIC LIGHT PROTOCOL (TLP) - FIRST Standards Definitions and Usage Guidance - Version 1.0 . FIRST.org, Inc. August 31, 2016. Retrieved January 10, 2020.
↑ FIRST announces Traffic Light Protocol (TLP) version 1.0 . FIRST.org, Inc. August 31, 2016. Retrieved January 10, 2020.

[1] OECD: Development of Policies for Protection of Critical Information Infrastructures (PDF; 1.1 MB) Oecd.org. Retrieved November 25, 2012.

[2] 'Re: OpenSSH security advisory: cbc.adv' - MARC . Marc.info. Retrieved November 25, 2012.

[3] Leaflet "Traffic Light Protocol (TLP)" (PDF; 94 kB) Federal Office for Information Security. Retrieved February 6, 2017.

[4] TRAFFIC LIGHT PROTOCOL (TLP) - FIRST Standards Definitions and Usage Guidance - Version 1.0 . FIRST.org, Inc. August 31, 2016. Retrieved January 10, 2020.

[5] FIRST announces Traffic Light Protocol (TLP) version 1.0 . FIRST.org, Inc. August 31, 2016. Retrieved January 10, 2020.