Health-ISAC Traffic Light Protocol (TLP)
All information submitted, processed, stored, archived, or disposed of will be classified and handled according to its classification.
Information will be classified using the Traffic Light Protocol (TLP), defined as:
RED information may not be shared with any parties outside of the specific exchange, meeting, or conversation in which it was originally disclosed. In the context of a meeting, for example, TLP RED information is limited to those present at the meeting. In most circumstances, TLP RED should be exchanged verbally or in person.
AMBER is limited disclosure; recipients can only share this information on a need-to-know basis within their organization and its clients or partners, but only on a need-to-know basis to protect their organization and its clients and partners and prevent further harm. SHARING IS NOT PERMITTED via social media, public websites, and/or other publicly accessible channels. Sources typically use the TLP AMBER designation when information requires support to be effectively acted upon, yet carries a risk to privacy, reputation, or operations if shared outside of the organizations involved
GREEN is limited disclosure; recipients can ONLY share this within their TRUST community. Recipients should consider the information proprietary and may ONLY share TLP GREEN information with peers and partner organizations (e.g., CERTS, law enforcement, government agencies, and other ISACs) within their TRUST community; SHARING IS NOT PERMITTED via social media, public websites, and/or other publicly accessible channels.
WHITE is subject to standard copyright rules; information may be distributed without restriction.
Members must treat all information obtained from Health-ISAC or via Health-ISAC members according to the “Traffic Light Protocol” and Health-ISAC Membership Agreement.