CSA Adopts Traffic Light Protocol (TLP) 2.0

Published on 03 Jul 2023

The Cyber Security Agency of Singapore (CSA) adopts the Traffic Light Protocol (TLP) 2.0 to define how cybersecurity-related information can be shared with relevant recipients using four (4) different TLP classification labels. As shown in Table 1 below, the four (4) TLP classification labels indicate the expected sharing boundaries and shall be adhered to by the Recipient(s).

Table 1: TLP 2.0 Classification

| TLP Classification | Description of the Access Restriction and Usage |
| --- | --- |
| Traffic Light Protocol - Red | Not for further disclosure, restricted to Recipients only. For the eyes and ears of individual recipients only, no further disclosure. |
| Traffic Light Protocol - Amber + Strict | Limited disclosure. Sharing is restricted to the organisation only. Information may be shared with in-house contractors (i.e. the individual / staff working for the organisation) providing cybersecurity services to your organisation. However, these contractors shall not further disseminate the information to their parent company or other customers. |
| Traffic Light Protocol - Amber | Limited disclosure. Recipients may share information with members of their own organisation and its clients, but only on a need-to-know basis to protect their organisation and its clients and prevent further harm. Information may be shared with both in-house and outsourced contractors (i.e. the individual / staff working for the organisation) providing cybersecurity services to the receiving organisation; however, these contractors shall not further disseminate the information to their parent company or other customers. |
| Traffic Light Protocol - Green | Limited disclosure, Recipients can share this within their community. Recipients may share information with peers and partner organisations within their community, but not via publicly accessible channels. |
| Traffic Light Protocol - Clear | Recipients can spread this to the world, there is no limit on disclosure. Subject to standard copyright rules, recipients may share information without restriction. |


TLP 2.0 Terminology Definitions

Community: Under TLP, a community is a group that shares common goals, practices, and informal trust relationships. A community can be as broad as all cybersecurity practitioners in a country (or in a sector or region).

Organisation: Under TLP, an organisation is a group whose members share a common affiliation by formal membership and are bound by common policies set by the organisation. An organisation can be as broad as all members of an information sharing organisation, but rarely broader.

Clients: Under TLP, clients are those people or entities that receive cybersecurity services from an organisation. Clients are by default included in TLP:AMBER so that the recipients may share information further downstream in order for their clients to take action to protect themselves. For organisations with national responsibility, this definition includes stakeholders and constituents.

