TLP: AMBER
Limited disclosure,
restricted to recipients’
organisations and their
clients on a
need-to-know basis.
Information sources may use
TLP: AMBER when information
requires support to be effectively
acted upon, but carries risk to
privacy, reputation, or operations if
shared outside of the organisations
and their clients involved.
Recipients may only share TLP: AMBER
information with members of their own
organisation, and with clients or
customers who need to know the
information to protect themselves or
prevent further harm.
TLP: GREEN
Limited disclosure,
restricted to recipients
and their community.
Information sources may use
TLP: GREEN when information is
useful for the awareness of peers
and partner organisations within
their sector or community. When
“community” is not defined, assume
the cyber security community.
Recipients may share TLP: GREEN
information with peers and partner
organisations within their sector or
community, but not via publicly
accessible channels. Information in this
category can be circulated within a
particular community. TLP: GREEN
information may not be released outside
of the community.
TLP: CLEAR
Disclosure is not limited.
Information sources may use
TLP: CLEAR when information
carries minimal or no foreseeable
risk of misuse, in accordance with
applicable rules and procedures for
public release.
TLP: CLEAR information may be
distributed without restriction, subject to
standard copyright rules.
TLP designation: examples
TLP: RED The NCSC receives information about a serious undisclosed data breach suffered by a large
organisation. The breach poses significant risk to individuals’ privacy and the organisation’s continued
operations. The NCSC shares details of the breach in a meeting with specific members of the
organisation’s security team.
TLP: AMBER+STRICT The NCSC is aware of a newly disclosed vulnerability that is likely to affect one
nationally significant organisation. The NCSC produces a report detailing mitigation strategies and
emails the report to the affected organisation.
TLP: AMBER The NCSC receives information about a new type of malware targeting New Zealand
institutions within a certain sector. The NCSC produces a report detailing mitigation strategies for the
malware and emails the report to institutions within the affected sector.
TLP: GREEN The NCSC produces an advisory describing the actions needed to mitigate a recently
disclosed security vulnerability. The NCSC emails the advisory to a list of organisations who may be
affected by the vulnerability.
TLP: CLEAR The NCSC produces cyber security advice designed to help organisations and their staff
work more securely when they are away from the office. The NCSC publishes the advice on its public
website for a general audience.