This is where you will find all the standard IEP Policy Files. IEP Policy Files are shared network-accessible IEP policies that anyone else can use in their platform. We recommend you investigate the IEP TLP Policy File first, as TLP very commonly used within the intelligence sharing community.
The FIRST IEP-SIG IEP 2.0 TLP Policies are designed to extend and codify each Traffic Light Protocol (TLP) level within a matching Information Exchange Policy. Each IEP-SIG TLP policy is aligned as much as possible with the information exchange requirements of the relevant TLP level. This was purposely done to allow implementers and platform developer to reuse these standard Policy Files in their own products. We hope these become the standard way that threat intelligence producers inform recipients of how they can use the information they receive.
|FIRST IEP-SIG IEP 2.0 TLP Red Policy File|
|Policy Name||FIRST IEP-SIG IEP TLP Red|
|FIRST IEP-SIG IEP 2.0 TLP Amber Policy File|
|Policy Name||FIRST IEP-SIG IEP TLP Amber|
|FIRST IEP-SIG IEP 2.0 TLP Green Policy File|
|Policy Name||FIRST IEP-SIG IEP TLP Green|
|FIRST IEP-SIG IEP 2.0 TLP White Policy File|
|Policy Name||FIRST IEP-SIG IEP TLP White|
The FIRST IEP-SIG have also created a network accessible copy of the Unknown IEP Policy. This IEP is designed to be the most restrictive as possible, as it is only used when Implementations know that an IEP was applied, but are unable to find out what it was, no longer have a cached copy of the IEP, and are unable to contact the Provider of the information to provide guidance as to which IEP should be applied.
In this case the IEP Framework applies a default restrictive policy to the information to ensure that it cannot be shared to any other entity other than the Recipient.
The details are below:
|Policy Name||FIRST IEP-SIG Unknown IEP|