Traffic Light Protocol (TLP) Matrix
The CSHUB-CSIRT follows the Traffic Light Protocol (TLP) set out in the table below, which is defined by FIRST.Org as a standard for information classification. This policy cannot be applied to information that is classified as per the Republic of South Africa (RSA) Government classification rules.
TLP | Distribution Principle | Description | Examples |
--- | --- | --- | --- |
RED | Not for disclosure, restricted to participants only | Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party's privacy, reputation, or operations if misused. Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person. | Personal identification information, passwords |
AMBER | Limited disclosure, restricted to participants' organisations | Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organisations involved. Recipients may only share TLP:AMBER information with members of their own organisation, and with clients or customers who need to know the information to protect themselves or prevent further harm. | Incident information, asset vulnerabilities, cybersecurity assessment and advisory reports |
GREEN | Limited disclosure, restricted to community | Sources may use TLP:GREEN when information is useful for the awareness of all participating organisations as well as with peers within the broader community or sector. Recipients may share TLP:GREEN information with peers and partner organisations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community. | Presentations to constituency and community |
WHITE | Disclosure is not limited | Sources may use TLP:WHITE when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. Subject to standard copyright rules, TLP:WHITE information may be distributed without restriction. | Public articles, e.g. cybersecurity awareness material, generalised and anonymised incident coordination statistics |