CISA: CISA Publishes User Guide to Prepare for Nov. 1 Move to TLP 2.0

CISA Publishes User Guide to Prepare for Nov. 1 Move to TLP 2.0

CISA has published its Traffic Light Protocol 2.0 User Guide and Traffic Light Protocol: Moving to Version 2.0 fact sheet in preparation for its November 1, 2022 move from Traffic Light Protocol (TLP) Version 1.0 to TLP 2.0.

Managed by the Forum of Incident Response and Security Teams (FIRST), TLP is a system of markings that communicates information sharing permissions. According to FIRST, the purpose of TLP is “to facilitate greater sharing of potentially sensitive information and more effective collaboration.” Note: Unlike formal classification systems, TLP is not legally binding.

TLP Version 2.0 brings the following key updates:

• TLP:CLEAR replaces TLP:WHITE for publicly releasable information.
• TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information may be shared with the recipient’s organization only.

Note: CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications.

As CISA prepares to implement this update, we want to inform partners of the upcoming change and encourage all network defenders to adopt TLP Version 2.0 to facilitate greater information sharing and collaboration.

For more information on TLP, visit FIRST’s TLP webpage at www.first.org/tlp/. On November 1, 2022, CISA will update www.cisa.gov/tlp to reflect the TLP Version 2.0 changes.