Basque Cyber Security Centre - Centro Vasco de Ciberseguridad

Traffic Light Protocol

Traffic Light Protocol (TLP) is a protocol created to facilitate the exchange of sensitive (non-classified) information.

It comprises a set of specifications used to ensure that sensitive information is shared only with the appropriate audience.

In order to do this, the protocol uses four colours which indicate the parametres for sharing and with whom.

TLP provides a simple, intuitive framework which indicates when and how sensitive information may be shared, thus facilitating regular, effective communication.

How is TLP used?

  • In emails: the Subject line and body of the email should both be marked “TLP” before any sensitive information is given. Specifications should appear in CAPITAL LETTERS: TLP:RED, TLP:AMBER, TLP:GREEN, or TLP:WHITE.
  • On documents: the Header and Foot of each page should both be marked “TLP”. We recommend offsetting this to the right so as to avoid any confusion with other acronyms or frameworks. Specifications should appear in CAPITAL LETTERS in font sizes including or greater than 12: TLP:RED, TLP:AMBER, TLP:GREEN, or TLP:WHITE.

Specifications:

ColourWhen should this be used?How should this be shared?
TLP:REDThe sender will use this code when the information must not be shared with third parties. If this were the case, and said information is wrongly used, this would have a negative impact on privacy, reputation and operations. The recipient(s) must not share the information with anyone who has not received the original mailing.
TLP:AMBERThe sender will use this code when the information calls for distribution within a limited sphere, so as to avoid any risks to privacy, reputation or operations of any of the organisations involved. The recipient(s) may only share the information with members of their own organisation, clients and suppliers, who need to know it in order to to protect themselves or avoid serious problems. The sender may specify further restrictions on the sharing of said information.
TLP:GREEN The sender will use this code when the information is of interest to all organisations involved, and also to third parties from the community or sector.The recipient(s) may share the information with associated organisations or members of their same sector, but not via public channels. No information carrying this specification should be shared beyond the immediate community. 
TLP:WHITEThe sender will use this code when the information poses only a minimal risk, or no risk, of being used incorrectly, as understood under the established guidelines and procedures for public broadcast.Information may be shared without restrictions, within the laws of Copyright.

Colours:

SpecificationFont / BackgroundHexadecimalRGBCMYK
TLP:REDFont
Background
#ff0033
#000000
R=255, G=0, B=51
R=0, G=0, B=0
C=0, M=100, Y=79, K=0
C=0, M=0, Y=0, K=100
TLP:AMBERFont
Background
#ffc000
#000000
R=255, G=192, B=0
R=0, G=0, B=0
C=0, M=25, Y=100, K=0
C=0, M=0, Y=0, K=100
TLP:GREENFont
Background
#33ff00
#000000
R=51, G=255, B=0
R=0, G=0, B=0
C=79, M=0, Y=100, K=0
C=0, M=0, Y=0, K=100
TLP:WHITEFont
Background
#ffffff
#000000
R=255, G=255, B=255
R=0, G=0, B=0
C=0, M=0, Y=0, K=0
C=0, M=0, Y=0, K=100

Important:

The sender is responsible for ensuring that the recipients know and understand how to use the protocol.

Should a recipient need to share the information outside the original perametres as indicated by the TLP, they must obtain the sender's explicit permission to do so.

For further information: 

https://www.first.org/tlp/
https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/considerations-on-the-traffic-light-protocol