U.S. Government Issues New TLP Guidance for Cross-Sector Threat Intelligence Sharing
The U.S. government (USG) has issued new guidance governing the use of the Traffic Light Protocol (TLP) to handle the threat intelligence information shared between the private sector, individual researchers, and Federal Departments and Agencies.
"The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or other any organization, when not in conflict with existing law or policy," it said.
"We adhere to these markings because trust in data handling is a key component of collaboration with our partners."
In using these designations, the idea is to foster trust and collaboration in the cybersecurity community while ensuring that the information is shared in a controlled manner, the government added.
TLP is a standardized framework for classifying and sharing sensitive information. It comprises four colors -- Red, Amber, Green, and White -- that determine how it can be distributed further and only to those who need to know.
- TLP:RED - Information that's not for disclosure outside of the parties to which it was initially shared without their explicit permission
- TLP:AMBER+STRICT - Information that's for limited disclosure and may be shared on a need-to-know basis only to those within an organization
- TLP:AMBER - Information that's for limited disclosure and may be shared on a need-to-know basis, either only to those within an organization or its clients
- TLP:GREEN - Information that's for limited disclosure and may be shared with peers and partner organizations, but not via publicly accessible channels
- TLP:CLEAR - Information that can be shared freely without any restrictions
"We already do so much work together as a cybersecurity community to achieve an affirmative, values-driven vision for a secure cyberspace that creates opportunities to achieve our collective aspirations," National Cyber Director Harry Coker, Jr. said in a statement.
"We hope that this guidance will help both our interagency and private sector partners clearly understand the immense respect we have for trusted information sharing channels – and that it will allow more of those partnerships to flourish."
New Research Reveals Spectre Vulnerability Persists in Latest AMD and Intel Processors
A Sherlock Holmes Approach to Cybersecurity: Eliminate the Impossible with Exposure Validation
CVE-2024-20439 Cisco Smart Licensing Utility Static Credential Vulnerability
CVE-2025-2783 Google Chromium Mojo Sandbox Escape Vulnerability
CVE-2019-9874 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2019-9875 Sitecore CMS and Experience Platform (XP) Deserialization Vulnerability
CVE-2025-30154 reviewdog/action-setup GitHub Action Embedded Malicious Code Vulnerability
CVE-2025-1316 Edimax IC-7100 IP Camera OS Command Injection Vulnerability
CVE-2024-48248 NAKIVO Backup and Replication Absolute Path Traversal Vulnerability
CVE-2017-12637 SAP NetWeaver Directory Traversal Vulnerability
CVE-2025-24472 Fortinet FortiOS and FortiProxy Authentication Bypass Vulnerability
MediumProxy Disclosure
InformationalSec-Fetch-User Header Has an Invalid Value
HighPath Traversal
HighOut of Band XSS
Free online web security scanner
