Traffic Light Protocol

AfricaCERT members must adhere to AfricaCERT’s policy on Information Sharing and Handling. Trust and confidence are vital when sharing information. Appropriately assigning TLP designations and handling information builds and maintains trust and confidence within the AfricaCERT community and strengthens cooperative and collaborative efforts to prevent and mitigate malicious cyber activity.

All AfricaCERT members share the responsibility for ensuring that information assets receive an appropriate level of protection by observing this Information Sharing and Handling policy. AfricaCERT Teams follow and honor the TLP (Traffic Light Protocol); protocol recognized, supported, and widely accepted in the CSIRT Community.

Information ‘owners’ shall be responsible for assigning classifications to information assets according to AfricaCERT information classification policy presented below. Where practicable, the information category shall be embedded in the information itself.

AfricaCERT Members shall be guided by the information category in their security-related handling of information. If TLP is not supported by an external entity, the classification schemes of both entities must be matched in order to guarantee information confidentiality.

1. TLP Classification.

The TLP classification comprises the following rules; all communications, are tagged in the subject as TLP: Color where Color is RED, AMBER, GREEN or CLEAR.

A similar stamp should be clearly visible on the cover and in the footer of all documents sent to or issued by AfricaCERT. If contact is by phone or videoconference, the TLP classifications are stated prior to the delivery of the information.

2. Email and Written Information

For information exchange by email or in written form, AfricaCERT adds an additional Data Security Mechanisms such as encryption and signature.

3. Chatham House Rule (CHR) in addition to TLP

AfricaCERT extends the Traffic Light Protocol with a specific tag called Chatham House Rule (CHR). When this specific CHR tag is mentioned, the attribution (the source of information) must not be disclosed. This additional rule is at the discretion of the initial sender who can decide to apply or not the CHR tag. As an example, Chatham House Rule can be used when a reporter of a security vulnerability does not want to be disclosed.

4. Default Classification

Any information received from an AfricaCERT member by another AfricaCERT member that is not classified in accordance with the TLP must be treated as AMBER, unless otherwise advised in writing by the AfricaCERT member that owns /disseminated the information.

Download the Information Sharing and Handling Policy.