TLP SIG announces consolidated FIRST TLP version 1.0

In regular use by all types of CSIRTs, operational trust communities, information sharing analysis organizations, government agencies, and private researchers, TLP has achieved "de facto" international standard status.

TLP, originally developed to encourage information sharing with and among public and private sector security professionals in the United Kingdom, has achieved widespread adoption around the globe. In regular use by all types of CSIRTs, operational trust communities, information sharing analysis organizations, government agencies, and private researchers, TLP has achieved "de facto" international standard status. The FIRST community, in consultation with other security information sharing communities, has established a Standards SIG for TLP to ensure that interpretations are consistent and that TLP is leveraged appropriately and with clear expectations by all.

The TLP SIG was set up after the FIRST Conference in Berlin in 2015, with Tom Millar (US-CERT) and Don Stikvoort (TF-CSIRT) as chairs. The first batch of work was to consolidate existing TLP versions into one improved version. This consolidation proved to be a non-trivial process, but as a TLP we reached concensus in the early days of the Seoul Conference.

As a result, at the 28th Annual Conference and AGM in Seoul, June 2016, the TLP SIG finalized the initial draft of a common, standardized set of definitions for all Traffic Light Protocol colors in English along with clear usage guidance explaining how, when and where TLP should be used to be most effective.

The draft was presented to the FIRST Board during and after the conference to be considered for publication as FIRST standard and hosted on the public FIRST.org website as a reference — and accepted as such.

FIRST TLP Definitions and Usage Guidance, Version 1.0 is online and FIRST SIG recommends to take note of it, adopt it, and use it.

The next deliverable for the SIG will be a governance document to explain the rules by which the SIG will govern the TLP standard in the future.

FIRST TLP-SIG now looks forward to constructive suggestions. Take note however, the current version is the result of intense discussion between CSIRT community from all over the world - and any process of change/improvement in the TLP version can be expected to be a SLOW process. The TLP-SIG seeks stability for TLP.

Tom Millar & Don Stikvoort
TLP SIG chairs