About
TLP:Black is the newest extension of the Traffic Light Protocol (TLP), created for scenarios where information must remain strictly confined to a curated, invitation-only group of participants. Unlike TLP:Red, which allows any attendee in a session to receive the information, TLP:Black ensures that both attendance and dissemination are tightly controlled.
Definition
Information marked as TLP:Black is disclosed only to explicitly invited participants. No redistribution is permitted, and access to the discussion or room itself is restricted by invitation. This provides the highest level of confidentiality within the TLP model.
Comparison Table
| TLP Category | Definition | Who Can Receive | Dissemination Boundary | Access Control Model |
|---|---|---|---|---|
| TLP:White | Information may be shared freely. | Anyone | Public / unrestricted | Open |
| TLP:Green | Information may be shared within the community or sector. | Trusted community members | Community-wide | Membership/sector affiliation |
| TLP:Amber | Information may be shared within the recipient’s organization on a need-to-know basis. | Recipient + colleagues with legitimate role | Internal to the organization | Organization membership |
| TLP:Red | Information may be shared only with individuals present at the disclosure. | All individuals in the room/session | Room-bounded (no propagation) | Open attendance |
| TLP:Black | Information may be shared strictly within an invitation-only group. No redistribution permitted. | Only explicitly invited participants | Invite-only circle | Curated attendance |
Use Cases
- Closed-door incident coordination between select CSIRTs.
- Briefings with law enforcement or regulators under strict confidentiality.
- Pre-release vulnerability disclosures shared with vetted experts.
- Executive-level strategy sessions requiring absolute trust.