Traffic Light Protocol

from Wikipedia, the free encyclopedia

The Traffic Light Protocol ( TLP ) in German about "traffic light protocol" is a standardized agreement for the exchange of information worthy of protection. It was originally developed in Great Britain by the National Infrastructure Security Co-ordination Center (NISCC), is mentioned in relevant reports by the OECD and is e.g. B. also used in Germany by the Alliance for Cyber ​​Security (at the Federal Office for Information Security ). The TLP is used to increase security when forwarding sensitive data. All documents are divided into one of four classes, which regulate the conditions for their distribution.

Most organizations now use version 1.0 of the Traffic Light Protocol as defined by the Forum of Incident Response and Security Teams (FIRST).

background

In the daily exchange of data, sensitive or sensitive information, data and documents are always passed on. In order to prevent an unwanted flow of information to the general public, a system such as the TLP introduces clear labeling that defines the potentially permitted recipients. Violations of the regulation are often punished with the downgrading as a recipient of the "TLP: WHITE" level, because the recipient has turned out to be insufficiently trustworthy.

Over the years there has been a problem with the interoperability of the TLP, as different definitions of the TLP: AMBER level have been used in different circles. Some organizations, such as the US-CERT, defined their own organization as a transfer restriction for TLP: AMBER information. In other organizations, such as the CSIRT Taskforce (TF-CSIRT), the disclosure restriction for TLP: AMBER information was defined as its own "Constituency". As a result, a working group was established in 2015 in the international CERT umbrella organization, the Forum of Incident Response and Security Teams (FIRST), with the aim of developing a uniform definition. On August 31, 2016, the working group published an agreed standard under the name "TRAFFIC LIGHT PROTOCOL (TLP) FIRST Standards Definitions and Usage Guidance - Version 1.0". This version defines the transfer restriction for TLP: AMBER information on the basis of "knowledge only if necessary" to the own organization and to third parties ("clients and customers"), insofar as the third parties need the information in order to avoid damage to themselves. In addition, a creator of information can further restrict TLP: AMBER if he makes this clear (eg: "TLP: AMBER - only for own organization"). The recipient must then also adhere to the further restriction.

Classifications

  • TLP: RED : Information at this level is limited to those present in a meeting or video / audio conference or to the direct recipients in the case of written correspondence. Passing on is prohibited. Most of the time, TLP: RED information is given orally or in person.
  • TLP: AMBER : The recipient may pass on information of this level within his organization on the basis of "knowledge only if necessary". The recipient may also pass on the information to third parties if they need the information to protect the recipient or to reduce damage to the recipient. To do this, he must ensure that the “third parties” know the TLP and adhere to the associated rules, Traffic Light Protocol (TLP). The creator of the information can set further or additional restrictions on the transfer of information; these must be observed.
  • TLP: GREEN : Information at this level may be freely passed on within the organizations and to their partners. However, the information may not be published.
  •  TLP: WHITE  : Apart from copyright aspects, information of the TLP: WHITE level may be freely passed on without restrictions.

literature

Individual evidence

  1. OECD: Development of Policies for Protection of Critical Information Infrastructures (PDF; 1.1 MB) Oecd.org. Retrieved November 25, 2012.
  2. 'Re: OpenSSH security advisory: cbc.adv' - MARC . Marc.info. Retrieved November 25, 2012.
  3. Leaflet "Traffic Light Protocol (TLP)" (PDF; 94 kB) Federal Office for Information Security. Retrieved February 6, 2017.
  4. TRAFFIC LIGHT PROTOCOL (TLP) - FIRST Standards Definitions and Usage Guidance - Version 1.0 . FIRST.org, Inc. August 31, 2016. Retrieved January 10, 2020.
  5. FIRST announces Traffic Light Protocol (TLP) version 1.0 . FIRST.org, Inc. August 31, 2016. Retrieved January 10, 2020.