Prepare now for move to the new version of FIRST’s standard for sharing security information [300 words].
What: Beginning Nov. 1, 2022, CISA will officially adopt version 2.0 of the Forum of Incident Response and Security Teams (FIRST) Traffic Light Protocol (TLP) standard to facilitate information sharing among cybersecurity incident response teams. TLP 2.0 will replace the existing TLP 1.0 standard.
The TLP is a set of four labels to indicate the sensitivity of security information and the boundaries to be applied when sharing that information.
- TLP:CLEAR Information marked with this label can be shared freely with anyone.
- TLP:GREEN Recipients of information with this label can share it on a limited basis with their community—for instance to increase awareness of a particular issue. The information may not be shared via publicly accessible channels.
- TLP:AMBER Recipients of documents with this label can only disclose it on a limited, need-to-know basis to people within their organization and to clients that might receive cybersecurity services from them.
- TLP: RED Information marked with this label is meant for the eyes and ears of the recipient only. They may not disclose it to others. The label denotes information that cannot be acted upon effectively without significant risks.
The difference between TLP version 2.0 and version 1.0 is that the new version introduces a new TLP:AMBER+STRICT category to denote information that may only be shared within an organization. The TLP:CLEAR label also replaces the previous TLP:WHITE designation.
FIRST has also added a colors table to include RGB, CMYK, and hexadecimal color codes. FIRST has removed synonyms and colloquialisms and used consistent language and terminology in version 2.0 to make it more understandable for non-native English speakers.
Details:
