penretem/addons/tlp.typ

101 lines
4.8 KiB
Typst
#import "../aux/valval.typ": panicOnInvalid

#let isUsed = state("tlpIsUsed", false)

// maps each TLP status to its color, title, and subtitle
#let tlpLightMap = (
  "RED": (color: rgb("#FF2B2B"), title: "TLP:RED", content: "recipient only"),
  "AMBER": (color: rgb("#FFC000"), title: "TLP:AMBER", content: "organisation\nand its clients"),
  "AMBER+STRICT": (color: rgb("#FFC000"), title: "TLP:AMBER+STRICT", content: "organisation only"),
  "GREEN": (color: rgb("#33FF00"), title: "TLP:GREEN", content: "within community"),
  "CLEAR": (color: rgb("#FFFFFF"), title: "TLP:CLEAR", content: "public")
)

// label draws an inline TLP label with the appropriate color on a black background
// light may be one of "RED", "AMBER", "AMBER+STRICT", "GREEN", or "CLEAR" (case-insensitive)
#let label(light) = {
  light = upper(light)
  // check argument: panics on anything that is not a key of tlpLightMap
  panicOnInvalid(light, tlpLightMap.keys())
  highlight(
    fill: black,
    text(
      weight: "semibold",
      fill: tlpLightMap.at(light).color,
      tlpLightMap.at(light).title
    )
  )
}

// mark draws a Traffic Light Protocol mark, used on the cover page;
// it fills its container, so place it inside a sized box
// light may be one of "RED", "AMBER", "AMBER+STRICT", "GREEN", or "CLEAR" (case-insensitive)
#let mark(light) = {
  light = upper(light)
  // check argument
  panicOnInvalid(light, tlpLightMap.keys())
  rect(
    height: 100%,
    width: 100%,
    stroke: (paint: tlpLightMap.at(light).color.darken(10%), thickness: 2pt, dash: "solid"),
    align(center + horizon,
      grid(
        columns: (80%),
        rows: (18pt, auto),
        gutter: 8pt,
        [
          // the longer AMBER+STRICT title needs a smaller font to fit the 80% column
          #set text(size: if light == "AMBER+STRICT" { 13pt } else { 18pt })
          #label(light)
        ],
        text(
          size: 12pt,
          // white-on-white would be invisible, so CLEAR gets a black subtitle
          fill: if light == "CLEAR" { black } else { tlpLightMap.at(light).color.darken(10%) },
          tlpLightMap.at(light).content
        )
      )
    )
  )
  // record that a mark was drawn so the appendix can be included only when needed
  isUsed.update(true)
}

// appendix explains the different values (RED, AMBER, ...) of the Traffic Light Protocol, to be included in the appendix of a report
#let appendix() = {
  [
    == Traffic Light Protocol
    The Traffic Light Protocol (TLP) is a standardised system designed to accelerate collaborative response to security incidents by clarifying sharing boundaries for sensitive information. Information flows from an information source (e.g., a pentesting team) to recipients (e.g., clients or partners), with TLP labels governing permissible dissemination. The TLP labels standardised by FIRST#footnote("https://www.first.org/tlp/") are *RED*, *AMBER* and *AMBER+STRICT*, *GREEN*, and *CLEAR*.

    === TLP Label #label("RED")
    TLP:RED means _for the eyes of individual recipients only._
    The purpose is to protect highly sensitive information where unauthorised disclosure risks privacy, reputation, or operations.
    Sharing is strictly prohibited outside the recipient, even within the recipient's organisation.
    For example: an unauthenticated RCE vulnerability in a payment gateway API is classified TLP:RED. Sharing this internally (e.g., within a client's incident response team or development team) is allowed; sharing anywhere else violates the classification.

    === TLP Label #label("AMBER") and #label("AMBER+STRICT")
    TLP:AMBER limits sharing to the recipient's organisation and its clients on a need-to-know basis. TLP:AMBER+STRICT restricts this further to the organisation only, excluding clients.
    The purpose is to allow collaboration with controlled exposure. Recipients may share with their own organisation (and with clients or partners if not using AMBER+STRICT), but must not share publicly or with non-authorised third parties.
    For example: a session fixation flaw in a client's SaaS platform is TLP:AMBER. Their security team may share it with their provider for patching, but cannot share it with unaffiliated parties.

    === TLP Label #label("GREEN")
    TLP:GREEN means _restricted to the recipient's community; not public._
    The purpose is to share awareness within a trusted community without public risk.
    This allows recipients to share the information with peers and partners within their defined community.
    For example: a misconfigured AWS S3 bucket exposing anonymised test data is TLP:GREEN. The testing team may share this within the cybersecurity community (e.g., via ISACs or industry forums) to improve collective awareness, but cannot publish it on the internet.

    === TLP Label #label("CLEAR")
    TLP:CLEAR means _no restrictions on disclosure._
    The purpose is to share publicly, for transparency, low-risk findings with no foreseeable misuse or vulnerabilities that have already been patched.
    While sharing is unrestricted, the information may still be subject to rules such as copyright or attribution requirements.
    For example: a server running an outdated but non-vulnerable SSL/TLS library qualifies as TLP:CLEAR. The testing team may publish this in a blog post to demonstrate tooling for automatic detection and general security practice.
  ]
}
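A usage sketch for this addon, added here as an example and not part of the penretem project: it draws the cover mark in a sized box, uses inline labels in the report body, and emits the appendix only if a mark was actually drawn, by reading the `isUsed` state. It assumes Typst 0.11 or later (for `context`) and a document file placed beside the `addons` directory.

```typst
// report.typ (hypothetical file name): added usage example, not part of penretem.
// Assumes this file sits next to the "addons" directory and Typst >= 0.11.
#import "addons/tlp.typ"

// Cover page: mark() fills its container, so it needs a box with fixed size.
// The argument is case-insensitive; "amber+strict" becomes "AMBER+STRICT".
#align(center + horizon, box(width: 6cm, height: 3cm, tlp.mark("amber+strict")))
#pagebreak()

= Findings
This report as a whole is #tlp.label("amber+strict"). Individual findings may
carry a less restrictive label, e.g. an already patched issue marked
#tlp.label("clear") that can be published without restriction.

// A value outside RED/AMBER/AMBER+STRICT/GREEN/CLEAR is rejected at compile
// time by panicOnInvalid, so a typo cannot silently produce an unlabelled mark:
// #tlp.label("orange")

// Appendix: emitted only when a TLP mark was drawn somewhere in the document,
// read from the final value of the module's state after all updates.
#context if tlp.isUsed.final() {
  pagebreak()
  tlp.appendix()
}
```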