Traffic Light Protocol (TLP)

BGD e-gov CIRT uses Traffic Light Protocol (TLP) for information classification.

What is TLP?
The Traffic Light Protocol (TLP) was created to encourage greater sharing of sensitive information. It is designed to improve the flow of information between individuals, organizations or communities in a controlled and trusted way.

Information classification according TLP in BGD e-gov CIRT

TLP Distribution principle Mapping with the business category Description Examples
RED (1-to-1, strictly limited) Confidential information Sensitive information disclosure of which can harm BGD e-gov CIRT or its external parties’ reputation, operations, or includes personal BGD e-gov CIRT team members or external parties’ data and information which is treated as confidential information in BGD e-gov CIRT agreements Passwords, personal data as a personal identification number
AMBER (1-to-group, limited) Internal information Incidents information and all other information which is not treated as a public or confidential Software security vulnerability, security incident information, system logs, DDOS and other kind of attacks associated to cybersecurity area, information about identified (acting) botnet networks, press releases before announcement
GREEN (1-to-many, limited)(information security community or special interest groups) Public information Information which was disclosed publically in accordance with internal BGD e-gov CIRT procedures or related agreements with external parties Information widely available in the public domain, including publicly available BGD e-gov CIRT web site areas, general information about incidents (statistic), list of malicious URLs that are serving malware, BGD e-gov CIRT contact information, press releases after announcement
WHITE (1-to-many, unlimited)(no restrictions, public)