News Own Your Online External Link Report it
News Own Your Online External Link
  1. Welcome to the National Cyber Security Centre
  2. Protect your organisation
  3. Guidance
  4. Traffic Light Protocol

Traffic Light Protocol

The Traffic Light Protocol (TLP) was created to facilitate greater sharing of information. TLP is designed to improve the flow of information between individuals, organisations, or communities in a controlled and trusted way.

TLP is a set of designations used to ensure that sensitive information is shared with the appropriate audience. The protocol is maintained by the Forum of Incident Response and Security Teams (FIRST), which released TLP2.0 in 2022. 

FIRST Standards Definitions and Usage Guidance: Traffic Light Protocol (TLP) External Link

TLP uses four colours to indicate expected sharing boundaries to be applied by the recipient(s). 

If a recipient needs to share the information more widely than indicated in the TLP designation, they must obtain explicit permission from the original source.

RED

Restricted to individual recipients only, no further disclosure.

When should it be used?

Information sources may use TLP: RED when information cannot be effectively acted upon without significant risk for the privacy, reputation, or operations of the organisations involved.

How may it be shared?

TLP: RED information is for the eyes and ears of individual recipients only, no further disclosure. 

In the context of a meeting, for example, TLP: RED information is limited to those present at the meeting. In most circumstances, TLP: RED should be exchanged verbally or in person.

AMBER + STRICT

Limited disclosure, restricted to the recipients’ organisation only.  

When should it be used?

Information sources may use TLP: AMBER+STRICT when information requires support to be effectively acted upon, but carries risk to privacy, reputation, or operations if shared outside of the organisations involved.

How may it be shared?

Recipients may only share TLP: AMBER+STRICT information with members of their own organisation who need to know the information to protect themselves or prevent further harm.

AMBER

Limited disclosure, restricted to recipients’ organisations and their clients on a need-to-know basis.

When should it be used?

Information sources may use TLP: AMBER when information requires support to be effectively acted upon, but carries risk to privacy, reputation, or operations if shared outside of the organisations and their clients involved.

How may it be shared?

Recipients may only share TLP: AMBER information with members of their own organisation, and with clients or customers who need to know the information to protect themselves or prevent further harm.  

GREEN

Limited disclosure, restricted to recipients and their community.

When should it be used?

Information sources may use TLP: GREEN when information is useful for the awareness of peers and partner organisations within their sector or community. If ‘community’ isn’t defined, treat it as the wider cyber security community.

How may it be shared?

Recipients may share TLP: GREEN information with peers and partner organisations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated within a particular community. TLP: GREEN information may not be released outside of the community.

CLEAR

Disclosure is not limited.

When should it be used?

Information sources may use TLP: CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release.

How may it be shared?

TLP: CLEAR information may be distributed without restriction, subject to standard copyright rules.

Traffic Light Protocol designation examples

TLP: RED 

The NCSC receives information about a serious undisclosed data breach suffered by a large organisation. The breach poses significant risk to individuals’ privacy and the organisation’s continued operations. The NCSC shares details of the breach in a meeting with specific members of the organisation’s security team.

TLP: AMBER+STRICT 

The NCSC is aware of a newly disclosed vulnerability that is likely to affect one nationally significant organisation. The NCSC produces a report detailing mitigation strategies and emails the report to the affected organisation.

TLP: AMBER 

The NCSC receives information about a new type of malware targeting New Zealand institutions within a certain sector. The NCSC produces a report detailing mitigation strategies for the malware and emails the report to institutions within the affected 
sector.  

TLP: GREEN 

The NCSC produces an advisory describing the actions needed to mitigate a recently disclosed security vulnerability. The NCSC emails the advisory to a list of organisations who may be affected by the vulnerability.

TLP: CLEAR 

The NCSC produces cyber security advice designed to help organisations and their staff work more securely when they are away from the office. The NCSC publishes the advice on its public website for a general audience.

TLP usage: documents 

Documents using a TLP designation must indicate the relevant TLP colour in the header and footer of each page. The TLP colour should appear in capital letters and in 12-point type or greater. The letters must be right-justified on the page and presented with a black background. The below tables define the lettering colours for each TLP designation. 

RGB 

TLP: RED 

  • Text: R=255, G=43, B=43.
  • Background: R=0, G=0, B=0.

TLP: AMBER+STRICT 

  • Text: R=255, G=192, B=0. 
  • Background: R=0, G=0, B=0. 

TLP: AMBER 

  • Text: R=255, G=192, B=0. 
  • Background: R=0, G=0, B=0.

TLP: GREEN 

  • Text: R=51, G=255, B=0. 
  • Background: R=0, G=0, B=0.

TLP: CLEAR 

  • Text: R=255, G=255, B=255. 
  • Background: R=0, G=0, B=0. 

CYMK 

TLP: RED 

  • Text: C=0, M=83, Y=83, K=0.  
  • Background: C=0, M=0, Y=0, K=100. 

TLP: AMBER+STRICT 

  • Text: C=0, M=25, Y=100, K=0.  
  • Background: C=0, M=0, Y=0, K=100.

TLP: AMBER 

  • Text: C=0, M=25, Y=100, K=0.  
  • Background: C=0, M=0, Y=0, K=100. 

TLP: GREEN 

  • Text: C=79, M=0, Y=100, K=0.  
  • Background: C=0, M=0, Y=0, K=100. 

TLP: CLEAR 

  • Text: C=0, M=0, Y=0, K=0.  
  • Background: C=0, M=0, Y=0, K=100. 

TLP usage: email 

Emails using a TLP designation should indicate the relevant TLP colour in the subject line and in the body of the email, preceding the information.

The TLP colour must be displayed in capital letters for example, TLP: AMBER.

The NCSC can be contacted by email at: info@ncsc.govt.nz.

We encourage you to contact us at any time if you require any further assistance or advice.