The Forum of Incident Response and Security Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry – a vital system used by organizations all around the world to share sensitive information.
The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.
Established in 1999 by the National Infrastructure Security Co-ordination Center (NISCC), TLP gradually became well-known globally. FIRST took the lead in unifying and standardizing the TLP in 2015. In 2019, over 50 security incident professionals re-convened the FIRST TLP Special Interest Group (FIRST TLP-SIG) to collaborate to improve the TLP in terms of content, language, supporting materials, and accessibility. After additional consultation with members from other groups and communities from around the world, FIRST finalized the new draft this year. The final TLP version 2.0 is now available for distribution and is planned to be fully adopted worldwide by January 2023.
The most significant changes are as follows:
- Removed synonyms and colloquialisms to improve accessibility for non-native English speakers and ease of translation.
- Focused on consistent language and terminology, adding community, organization, and client definitions.
- Added a colors table to include RGB, CMYK, and hexadecimal color codes.
- TLP:WHITE has become TLP:CLEAR.
- Added the TLP:AMBER+Strict label to highlight information that is restricted to the recipient’s organization only.
FIRST TLP-SIG co-chair Don Stikvoort (Open CSIRT Foundation) said: “We are increasingly spreading more confidential and sensitive information inside our community, inside companies, inside business sectors, inside countries, and worldwide. We need systems that are easy to use, simple to understand, and straightforward enough that translation does not impact the meaning to ensure that we share sensitive information with the appropriate audience. The updated and modernized TLP version 2.0 does just that.”
While some of these changes may impact the industry’s current tools and firmware, FIRST hopes the industry embraces TLP version 2.0 quickly and will be fully in use by January 2023. The more people accept the protocol, the more smoothly incidents can be coordinated and resolved with minimum anxiety.