"CISA Issues Guidance on Transitioning to TLP 2.0"

The US Cybersecurity and Infrastructure Security Agency (CISA) recently published a user guide to help organizations prepare for the November 1, 2022, move from Traffic Light Protocol (TLP) version 1.0 to TLP 2.0.  TLP is used to inform recipients of sensitive information on the extent to which they may share the provided data and relies on four labels to indicate sharing boundaries that recipients can apply.  In TLP 1.0, these four labels are TLP:RED, TLP:AMBER, TLP:GREEN, and TLP:WHITE.  These four labels restrict the sharing of information to specific participants only, to participants’ organizations, to the community, or allow full disclosure, respectively.  Changes that TLP 2.0 brings include the replacement of TLP:WHITE with TLP:CLEAR and the inclusion of TLP:AMBER+STRICT to supplement TLP:AMBER.  CISA noted that starting with TLP 2.0, the sharing of information will be restricted to individual recipients only, to the recipient’s organization and its clients (TLP:AMBER+STRICT will restrict the sharing to the organization only), or to the recipient’s community, or can be shared to the world.  The TLP labels can be inserted within documents (in the header and footer of each page), automated information exchanges, emails, and chats (directly before the information itself), and even in verbal discussions.  While the move to TLP 2.0 is planned for November 1, CISA will not update its Automated Indicator Sharing (AIS) capability until March 2023.  CISA urges organizations to take note of the upcoming move to TLP 2.0 and to adopt the newer version to “facilitate greater information sharing and collaboration.”

 

SecurityWeek reports: "CISA Issues Guidance on Transitioning to TLP 2.0"

Submitted by Anonymous on