TLP:CLEAR
28 September 2022/GSA-2022-934
General Security
Advisory
Page 1 of 3
TLP:CLEAR
Traffic Light Protocol - Version 2.0
The Traffic Light Protocol (TLP) was created to facilitate greater sharing of information.
TLP is designed to improve the flow of information between individuals, organisations, or
communities in a controlled and trusted way. TLP is a set of designations used to ensure that sensitive
information is shared with the appropriate audience. The release of TLP2.0 by the Forum of Incident
Response and Security Teams (FIRST) has seen the standard refreshed. This has resulted in changes
to both the TLP colours and their criteria for use, with the updated information outlined in this
guidance.
TLP uses four colours to indicate expected sharing boundaries to be applied by the recipient(s).
If a recipient needs to share the information more widely than indicated in the TLP designation,
they must obtain explicit permission from the original source.
TLP colour
How may it be shared?
TLP: RED
Restricted to individual
recipients only, no
further disclosure.
TLP: RED information is for the eyes and
ears of individual recipients only, no
further disclosure.
In the context of a meeting, for example,
TLP: RED information is limited to those
present at the meeting. In most
circumstances, TLP: RED should be
exchanged verbally or in person.
TLP: AMBER+STRICT
Limited disclosure,
restricted to the
recipients’ organisation
only.
Recipients may only share
TLP: AMBER+STRICT information with
members of their own organisation
who need to know the information to
protect themselves or prevent further
harm.
TLP:CLEAR
Page 2 of 3
TLP:CLEAR
TLP colour
How may it be shared?
TLP: AMBER
Limited disclosure,
restricted to recipients’
organisations and their
clients on a
need-to-know basis.
Recipients may only share TLP: AMBER
information with members of their own
organisation, and with clients or
customers who need to know the
information to protect themselves or
prevent further harm.
TLP: GREEN
Limited disclosure,
restricted to recipients
and their community.
Recipients may share TLP: GREEN
information with peers and partner
organisations within their sector or
community, but not via publicly
accessible channels. Information in this
category can be circulated within a
particular community. TLP: GREEN
information may not be released outside
of the community.
TLP: CLEAR
Disclosure is not limited.
TLP: CLEAR information may be
distributed without restriction, subject to
standard copyright rules.
TLP designation: examples
TLP: RED The NCSC receives information about a serious undisclosed data breach suffered by a large
organisation. The breach poses significant risk to individuals’ privacy and the organisation’s continued
operations. The NCSC shares details of the breach in a meeting with specific members of the
organisation’s security team.
TLP: AMBER+STRICT The NCSC is aware of a newly disclosed vulnerability that is likely to affect one
nationally significant organisation. The NCSC produces a report detailing mitigation strategies and
emails the report to the affected organisation.
TLP: AMBER The NCSC receives information about a new type of malware targeting New Zealand
institutions within a certain sector. The NCSC produces a report detailing mitigation strategies for the
malware and emails the report to institutions within the affected sector.
TLP: GREEN The NCSC produces an advisory describing the actions needed to mitigate a recently
disclosed security vulnerability. The NCSC emails the advisory to a list of organisations who may be
affected by the vulnerability.
TLP: CLEAR The NCSC produces cyber security advice designed to help organisations and their staff
work more securely when they are away from the office. The NCSC publishes the advice on its public
website for a general audience.
TLP:CLEAR
Page 3 of 3
TLP:CLEAR
TLP usage: documents
Documents utilising a TLP designation must indicate the relevant TLP colour in the header and footer
of each page. The TLP colour should appear in capital letters and in 12 point type or greater. The
letters must be right-justified on the page and presented with a black background. The below tables
define the lettering colours for each TLP designation.
RGB
TLP: RED
Text: R=255, G=43, B=43 Background: R=0, G=0, B=0
TLP: AMBER+STRICT
Text: R=255, G=192, B=0 Background: R=0, G=0, B=0
TLP: AMBER
Text: R=255, G=192, B=0 Background: R=0, G=0, B=0
TLP: GREEN
Text: R=51, G=255, B=0 Background: R=0, G=0, B=0
TLP: CLEAR
Text: R=255, G=255, B=255 Background: R=0, G=0, B=0
CYMK
TLP: RED
Text: C=0, M=83, Y=83, K=0
Background: C=0, M=0, Y=0, K=100
TLP: AMBER+STRICT
Text: C=0, M=25, Y=100, K=0
Background: : C=0, M=0, Y=0, K=100
TLP: AMBER
Text: C=0, M=25, Y=100, K=0
Background: : C=0, M=0, Y=0, K=100
TLP: GREEN
Text: C=79, M=0, Y=100, K=0
Background: : C=0, M=0, Y=0, K=100
TLP: CLEAR
Text: C=0, M=0, Y=0, K=0
Background: : C=0, M=0, Y=0, K=100
TLP usage: email
Emails utilising a TLP designation should indicate the relevant TLP colour in the subject line and in
the body of the email, preceding the information.
The TLP colour must be displayed in capital letters for example, TLP: AMBER.
The NCSC can be contacted by email at: [email protected]
We encourage you to contact us at any time if you require any further assistance or advice.