On Nov. 1, 2022, CISA will upgrade from Traffic Light Protocol (TLP) 1.0 to TLP 2.0 in accordance with the recommendation by the Forum of Incident Response Security Teams (FIRST) that organizations move to 2.0 by the end of 2022. TLP Version 2.0 brings the following key updates:
- TLP:CLEAR replaces TLP:WHITE for publicly releasable information.
- TLP:AMBER+STRICT supplements TLP:AMBER, clarifying when information may be shared with the recipient’s organization only.
CISA encourages all network defenders and partners to upgrade to TLP Version 2.0 to facilitate greater information sharing and collaboration. For more information see:
- On Nov. 1, CISA Upgrades to Traffic Light Protocol 2.0 — Join Us! by Tom Millar, Cybersecurity Senior Advisor, CISA, and Co-chair of the FIRST TLP Special Interest Group (SIG)
- CISA.gov/TLP, which contains links to CISA’s TLP 2.0 User Guide and Fact Sheet
Note: CISA’s Automated Indicator Sharing (AIS) capability will not update from TLP 1.0 to TLP 2.0 until March 2023. This exception includes AIS’s use of the following open standards: the Structured Threat Information Expression (STIX™) for cyber threat indicators and defensive measures information and the Trusted Automated Exchange of Intelligence Information (TAXII™) for machine-to-machine communications.
For questions on CISA’s use of TLP, reach out to CISA_TLP_Tiger_Team@cisa.dhs.gov.