The Retail and Hospitality Information Sharing and Analysis Center (RH-ISAC) today announced its adoption of the FIRST Standard Definitions and Usage Guidance — Traffic Light Protocol (TLP) Version 2.0 for sharing information within the organization. As of January 4, 2023, all RH-ISAC intelligence reports, community calls, workshops, and briefings will follow TLP 2.0 standards. The intelligence team will discuss the transition on the Weekly Analyst Call on January 10, 2023, at 1 p.m. ET and open the floor for questions and comments from the RH-ISAC community.
The TLP 2.0 standard includes several updates to the previous version, including the addition of a new “amber” category, TLP:AMBER+STRICT, which indicates that the information can be shared only within the recipient’s organization. TLP:AMBER now indicates that the information can be shared within the recipient’s organization and with its clients on a need-to-know basis.
Additionally, TLP 2.0 replaces “TLP:WHITE” with “TLP:CLEAR” to indicate content that can be shared with the general public. The version 2.0 update also includes more detailed definitions for each of the TLP categories, as well as guidelines for sharing information across different TLP levels.
CISA has provided a fact sheet for organizations transitioning from TLP 1.0 to 2.0.
For those unfamiliar with TLP, it is a set of guidelines for designating the level of sensitivity and distribution of information. The TLP system uses colors to indicate the intended audience and distribution of information, with “red” being the most sensitive and “clear” is the least sensitive.
The TLP system provides a clear and consistent framework for handling sensitive information, which is crucial in ensuring that important information is not mishandled or inadvertently leaked. It also allows for more efficient and effective communication and collaboration among industry stakeholders.