Standard IEP Policies

This is where you will find all the standard IEP Policy Files. IEP Policy Files are shared network-accessible IEP policies that anyone else can use in their platform. We recommend you investigate the IEP TLP Policy File first, as TLP very commonly used within the intelligence sharing community.

FIRST TLP Policies

The FIRST IEP-SIG IEP 2.0 TLP Policies are designed to extend and codify each Traffic Light Protocol (TLP) level within a matching Information Exchange Policy. Each IEP-SIG TLP policy is aligned as much as possible with the information exchange requirements of the relevant TLP level. This was purposely done to allow implementers and platform developer to reuse these standard Policy Files in their own products. We hope these become the standard way that threat intelligence producers inform recipients of how they can use the information they receive.

FIRST IEP-SIG IEP 2.0 TLP Red Policy File
Policy Name FIRST IEP-SIG IEP TLP Red
Policy ID 5e607e88-ab70-4977-8c1b-ee3a16b0f68c
Policy URL first.org/iep/2.0/first-tlp-iep.iepj
FIRST IEP-SIG IEP 2.0 TLP Amber Policy File
Policy Name FIRST IEP-SIG IEP TLP Amber
Policy ID 01bc4353-4829-4d55-8d52-0ab7e0790df9
Policy URL first.org/iep/2.0/first-tlp-iep.iepj
FIRST IEP-SIG IEP 2.0 TLP Green Policy File
Policy Name FIRST IEP-SIG IEP TLP Green
Policy ID 3903ce63-674c-4b70-9457-8c5527dd9115
Policy URL first.org/iep/2.0/first-tlp-iep.iepj
FIRST IEP-SIG IEP 2.0 TLP White Policy File
Policy Name FIRST IEP-SIG IEP TLP White
Policy ID 0d783790-b221-40c1-840a-5787330612c1
Policy URL first.org/iep/2.0/first-tlp-iep.iepj

FIRST IEP-SIG Unknown IEP

The FIRST IEP-SIG have also created a network accessible copy of the Unknown IEP Policy. This IEP is designed to be the most restrictive as possible, as it is only used when Implementations know that an IEP was applied, but are unable to find out what it was, no longer have a cached copy of the IEP, and are unable to contact the Provider of the information to provide guidance as to which IEP should be applied.

In this case the IEP Framework applies a default restrictive policy to the information to ensure that it cannot be shared to any other entity other than the Recipient.

The details are below:

Policy Name FIRST IEP-SIG Unknown IEP
Policy ID e4eb1db1-e0fb-4200-9f4c-4c713bb197aa
Policy URL first.org/iep/2.0/first-tlp-iep.iepj