Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

CISA Issues Guidance on Transitioning to TLP 2.0

The US Cybersecurity and Infrastructure Security Agency (CISA) this week published a user guide to help organizations prepare for the November 1, 2022, move from Traffic Light Protocol (TLP) version 1.0 to TLP 2.0.

The US Cybersecurity and Infrastructure Security Agency (CISA) this week published a user guide to help organizations prepare for the November 1, 2022, move from Traffic Light Protocol (TLP) version 1.0 to TLP 2.0.

TLP is used to inform recipients of sensitive information on the extent to which they may share the provided data, and relies on four labels to indicate sharing boundaries that recipients can apply.

In TLP 1.0, these four labels are TLP:RED, TLP:AMBER, TLP:GREEN, and TLP:WHITE, and restrict the sharing of information to specific participants only, to participants’ organizations, to the community, or allow full disclosure, respectively.

Changes that TLP 2.0 brings include the replacement of TLP:WHITE with TLP:CLEAR and the inclusion of TLP:AMBER+STRICT to supplement TLP:AMBER.

Thus, starting with TLP 2.0, the sharing of information will be restricted to individual recipients only, to the recipient’s organization and its clients (TLP:AMBER+STRICT will restrict the sharing to the organization only), or to the recipient’s community, or can be shared to the world.

The TLP labels can be inserted within documents (in the header and footer of each page), in automated information exchanges, emails and chats (directly prior to the information itself), and even in verbal discussions, the fact sheet on moving to TLP 2.0 explains.

While the move to TLP 2.0 is planned for November 1, CISA will not update its Automated Indicator Sharing (AIS) capability until March 2023.

CISA is urging organizations to take note of the upcoming move to TLP 2.0 and to adopt the newer version to “facilitate greater information sharing and collaboration”.

Advertisement. Scroll to continue reading.

This TLP system of markings, which is managed by the Forum of Incident Response and Security Teams (FIRST), is not legally binding, the agency also notes.

Related: US Agencies Publish Security Guidance on Implementing Open RAN Architecture

Related: AMTSO Publishes Guidance for Testing IoT Security Products

Related: US, UK, New Zealand Issue PowerShell Security Guidance

Related: CISA Releases Final IPv6 Security Guidance for Federal Agencies

Written By

Ionut Arghire is an international correspondent for SecurityWeek.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

CISO Strategy

SecurityWeek spoke with more than 300 cybersecurity experts to see what is bubbling beneath the surface, and examine how those evolving threats will present...

CISO Conversations

Joanna Burkey, CISO at HP, and Kevin Cross, CISO at Dell, discuss how the role of a CISO is different for a multinational corporation...

Artificial Intelligence

The CRYSTALS-Kyber public-key encryption and key encapsulation mechanism recommended by NIST for post-quantum cryptography has been broken using AI combined with side channel attacks.

CISO Conversations

In this issue of CISO Conversations we talk to two CISOs about solving the CISO/CIO conflict by combining the roles under one person.

CISO Strategy

Security professionals understand the need for resilience in their company’s security posture, but often fail to build their own psychological resilience to stress.