TLP:RED
For the
eyes and ears of individual recipients only, no further disclosure.
Sources may use TLP:RED when information cannot be effectively acted
upon without significant risk for the privacy, reputation, or
operations of the organizations involved. Recipients may therefore
not share TLP:RED information with anyone else. In the context of a
meeting, for example, TLP:RED information is limited to those
present at the meeting.
TLP:AMBER
Limited disclosure, recipients can only spread this on a
need-to-know basis within their organization and its clients.
Note
that TLP:AMBER+STRICT restricts sharing to the organization only.
Sources may use TLP:AMBER when information requires support to be
effectively acted upon, yet carries risk to privacy, reputation, or
operations if shared outside of the organizations involved.
Recipients may share TLP:AMBER information with members of their own
organization and its clients, but only on a need-to-know basis to
protect their organization and its clients and prevent further harm.
Note: if the source wants to restrict sharing to the organization
only, they must specify TLP:AMBER+STRICT.
TLP:GREEN
Limited disclosure, recipients can spread
this within their community.
Sources may use TLP:GREEN when information is useful to increase
awareness within their wider community. Recipients may share
TLP:GREEN information with peers and partner organizations within
their community, but not via publicly accessible channels. TLP:GREEN
information may not be shared outside of the community. Note: when
“community” is not defined, assume the cybersecurity/defense
community
TLP:WHITE
Recipients can spread this to the world,
there is no limit on disclosure.
Sources may use TLP:CLEAR when information carries minimal or no
foreseeable risk of misuse, in accordance with applicable rules and
procedures for public release. Subject to standard copyright rules,
TLP:CLEAR information may be shared without restriction