본문 바로가기

KrCERT/CC

close

KrCERT/CC

KOR
close

Traffic Light Protocol

Home Security Notice Traffic Light Protocol

Traffic Light Protocol(TLP)

  • KrCERT/CC uses a TLP for proper handling of shared information.
  • The TLP specifies the restrictions when information recipients re-share the information they have received.
KrCERT/CC Traffic Light Protocol
KrCERT/CC Traffic Light Protocol
TLP:RED
  • For the eyes and ears of individual recipients only, no further disclosure
    1. Definition: Information that is difficult to recover from due to enormous damage to the interests of stakeholders when disclosed
    2. Scope of disclosure: Sharing with people other than the recipient is prohibited.
    3. In most cases, TLP: RED information is shared orally or face-to-face.
    4. (Example) Matters related to contracts and agreements, such as confidential agreement documents
TLP:AMBER
  • Limited disclosure, recipients can only spread this on a need-to-know basis within their organization and its clients
    1. Definition: Information that could have a significant impact on the interests of stakeholders if disclosed
    2. Scope of disclosure: Restricted sharing - sharing within the recipient's organization
      * To protect the recipient and the recipient's organization, and to prevent further harm, information is shared only with the recipient's customers
      * Additional restrictions may be set on sharing as well as the originally intended purpose of sharing
    3. (Example) Internal and external information processed through approval, such as diplomatic documents
TLP:AMBER STRICT
    1. Definition: Information that, if disclosed, could have a significant impact on the interests of interested parties.
    2. Scope of disclosure: Restricted sharing - Recipient's organization internal group (belonging)
    3. (Example) In case corporate data is included in internal and external information processed for approval
TLP:GREEN
  • Limited disclosure, recipients can spread this within their community
    1. Definition: Information that would have a negligible impact on the interests of interested parties if disclosed
    2. Scope of disclosure: Restricted sharing - limited to the recipient's affiliations, peers in the community, and partner organizations.
      * Shared between external organizations or members that have signed business agreements
    3. It cannot be shared through a publicly accessible channel.
    4. (Example) Indicator of Compromise (IoC)
TLP:CLEAR
  • Recipients can spread this to the world, there is no limit on disclosure
    1. Multiple information and communication service provider(ISP) No limit to sharing
    2. (Example) White papers and security notices
Top