TLP, originally developed to encourage information sharing with and among public and private sector security professionals in the United Kingdom, has achieved widespread adoption around the globe. In regular use by all types of CSIRTs, operational trust communities, information sharing analysis organizations, government agencies, and private researchers, TLP has achieved "de facto" international standard status. The FIRST community, in consultation with other security information sharing communities, has established a Standards SIG for TLP to ensure that interpretations are consistent and that TLP is leveraged appropriately and with clear expectations by all.
Rather than having TLP interpreted or governed separately by different communities of CSIRTs, the FIRST TLP SIG will govern the definition of TLP for the benefit of the worldwide CSIRT community and its operational partners. The TLP SIG members will standardize, translate and, as necessary, evolve the Traffic Light Protocol in an independent, fair and transparent fashion.
At the 28th Annual Conference and AGM in Seoul, June 2016, the TLP SIG produced the initial draft of a common, standardized set of definitions for all Traffic Light Protocol colors in English along with clear usage guidance explaining how, when and where TLP should be used to be most effective. This draft was presented to the FIRST Board during the conference to be considered for publication as FIRST standard and hosted on the public FIRST.org website as a reference.
Visit the Traffic Light Protocol Definitions and Usage Guidance at www.first.org/tlp.
The next deliverable for the SIG will be a governance document to explain the rules by which the SIG will govern the TLP standard in the future.
Tom Millar, US-CERT
Don Stikvoort, TF-CSIRT