FIRST Releases Traffic Light Protocol Version 2.0 with important updates

The Forum of Incident Response and Security Team (FIRST) has updated the globally renowned Traffic Light Protocol (TLP) for the cybersecurity industry - a vital system used by organizations all around the world to share sensitive information. The new version of the TLP results from a thorough consultation with over 50 security industry experts over three years with the goals to standardize, unify and modernize the content and language and provide improved supporting materials.

Aug 05 2022 - Established in 1999 by the National Infrastructure Security Co-ordination Center (NISCC), TLP gradually became well-known globally. FIRST took the lead in unifying and standardizing the TLP in 2015. In 2019, over 50 security incident professionals re-convened the FIRST TLP Special Interest Group (FIRST TLP-SIG) to collaborate to improve the TLP in terms of content, language, supporting materials, and accessibility. After additional consultation with members from other groups and communities from around the world, FIRST finalized the new draft this year. The final TLP version 2.0 is now available for distribution and is planned to be fully adopted worldwide by January 2023.

The most significant changes are as follows:

  • Removed synonyms and colloquialisms to improve accessibility for non-native English speakers and ease of translation.
  • Focused on consistent language and terminology, adding definitions for community, organization, and clients.
  • Added a colors table to include RGB, CMYK, and hexadecimal color codes.
  • TLP:WHITE has become TLP:CLEAR.
  • Added the TLP:AMBER+Strict label to highlight information that is restricted to the recipient’s organization only.

FIRST TLP-SIG co-chair Don Stikvoort (Open CSIRT Foundation) said: “We are increasingly spreading more confidential and sensitive information inside our community, inside companies, inside business sectors, inside countries, and worldwide. We need systems that are easy to use, simple to understand, and straightforward enough that translation does not impact the meaning to ensure that we share sensitive information with the appropriate audience. The updated and modernized TLP version 2.0 does just that.”

While some of these changes may impact the industry’s current tools and firmware, FIRST hopes the industry embraces TLP version 2.0 quickly and will be fully in use by January 2023. The more people accept the protocol, the more smoothly incidents can be coordinated and resolved with minimum anxiety.

Interested parties can find more information and the TLP here.

Also available in PDF

About FIRST

FIRST aspires to bring together incident response and security teams from every country across the world to ensure a safe internet for all. Founded in 1990, the Forum of Incident Response and Security Teams (FIRST) consists of internet emergency response teams from over 600 corporations, government bodies, universities and other institutions across 100 countries in the Americas, Asia, Europe, Africa, and Oceania.

For more information, visit: www.first.org.

Media Contact

Mandy Queen
Mandy Queen PR
Tel: +852 96847365
Email: mandy@mandyqueenpr.com