The Traffic Light Protocol (TLP) was created to facilitate greater information sharing. TLP is a set of designations used to ensure that sensitive information is shared with appropriate audiences.
TLP uses four colors to define sharing boundaries for the recipient(s), indicating when and how sensitive information can be shared and supporting more effective collaboration. TLP is optimized for ease of adoption, human readability, and person-to-person sharing.
At Trinity College, TLP may be used to help communicate the appropriate sharing boundaries for cybersecurity, privacy, risk, and operational information. It does not replace college policy, data classification requirements, legal or regulatory obligations, or other institutional handling expectations.
The source is responsible for ensuring that recipients of TLP information understand and can follow TLP sharing guidance. If a recipient needs to share the information more widely than the original TLP designation allows, they must obtain explicit permission from the original source. See CISA’s Traffic Light Protocol (TLP) Definitions and Usage for more information.
Definitions
| Color | When should it be used? | How may it be shared? |
|---|---|---|
TLP:RED – Not for disclosure, restricted to participants only. |
Sources may use TLP:RED when information cannot be effectively acted upon by additional parties, and could lead to impacts on a party’s privacy, reputation, or operations if misused. |
Recipients may not share TLP:RED information with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP:RED information is limited to those present at the meeting. In most circumstances, TLP:RED should be exchanged verbally or in person. |
TLP:AMBER – Limited disclosure, restricted to participants’ organizations. |
Sources may use TLP:AMBER when information requires support to be effectively acted upon, yet carries risks to privacy, reputation, or operations if shared outside of the organizations involved. |
Recipients may only share TLP:AMBER information with members of their own organization who need to know the information to protect systems, respond to an issue, or reduce risk. Sources are at liberty to specify additional intended limits of the sharing, and those limits must be followed. |
TLP:GREEN – Limited disclosure, restricted to the community. |
Sources may use TLP:GREEN when information is useful for the awareness of all participating organizations as well as with peers within the broader community or sector. |
Recipients may share TLP:GREEN information with peers and partner organizations within their sector or community, but not via publicly accessible channels. Information in this category can be circulated widely within a particular community. TLP:GREEN information may not be released outside of the community. |
TLP:CLEAR – Disclosure is not limited. |
Sources may use TLP:CLEAR when information carries minimal or no foreseeable risk of misuse, in accordance with applicable rules and procedures for public release. |
Subject to standard copyright rules, records requirements, and applicable policy expectations, TLP:CLEAR information may be distributed without restriction. |
Trinity College Examples
The examples below are intended to help Trinity community members apply TLP labels in practical situations.
- TLP:RED: Active security incident details limited to a small response group, such as information involving a specific person,
system, vendor, or unresolved investigative step. - TLP:AMBER: Internal notices about phishing campaigns, technical findings, control gaps, or operational risk information are shared on a need-to-know basis within Trinity College.
- TLP:GREEN: Threat awareness information that may be shared with trusted peers in higher education, professional communities, or sector partners, but not posted publicly.
- TLP:CLEAR: General cybersecurity awareness tips, training reminders, or public-facing best practice guidance intended for broad distribution.
Important Notes
- TLP applies to the specific information being shared, not automatically to all related material.
- If you need to share information beyond what the label allows, obtain permission from the original source first.
- TLP should be used alongside Trinity College policy, data classification requirements, and any applicable legal or contractual obligations.
- If no TLP marking is present, do not assume the information is public.
