Document Disclosure Classification
Document classifications are used by FinCSIRT to disseminate documentation with the highlight of its classification levels indicating, if the document is permitted on further distribution or for the readers eyes only
| Classification | Description |
|---|---|
| Private and Confidential | Circulation of this document is prohibited and intended for the use of the original recipient(s) only. |
| Organization Internal Use Only | Circulation of the document is permitted within authorized persons of the organization, at the discretion of those authorized individuals. |
| Public Circulation Permitted | This document is permitted for public viewing with no restrictions on circulation of the document. |
Information Classification LankaPay PVT LTD (LPPL)
The below categories are to be used to comply with LankaPay Pvt Ltd data classification standards.
| Classification | Description |
|---|---|
| Public | Information that is deemed to be shared in a public domain with the approval of the relevant officials. |
| Internal | Information that can be shared among all internal staff. |
| Restricted Internal | Sensitive Information which should be known among a specific group of people on a need to know basis. |
| Restricted External | Sensitive Information which should be known internally and externally among a specific group of people on a need to know basis. |
| Confidential Internal | Confidential Information which should be known to selected set of internal individuals. |
| Confidential External | Confidential Information which should be known to selected set of internal and external individuals |
| Strictly Confidential | Information which only the individual would know and would not be shared with anyone else under any circumstances |
Traffic Light Protocol (TLP)
FinSCSIRT uses TLP according to the FIRST Standard Definition and Usage Guidance.
The Traffic Light Protocol (TLP) was created to facilitate greater sharing of sensitive information with the appropriate audience. TLP employs four colors to indicate the sharing boundaries that should be applied by recipients.
Usage
When using TLP in email, the designated color must appear in the subject line and body of the message before the sensitive information itself. Always use capital letters: TLP:RED, TLP:AMBER, TLP:GREEN, TLP:WHITE.
| Color | When should it be used? | How may it be shared? |
|---|---|---|
TLP:RED Not for disclosure, restricted to participants only. |
Use when the information is highly sensitive, and disclosure could impact privacy, reputation, or operations. | Must not be shared outside the specific meeting, exchange, or conversation in which it was disclosed. |
TLP:AMBER Limited disclosure, restricted to organizations. |
Use when information requires support but carries risk if shared outside the involved organizations. | May only be shared with members of the same organization or clients/customers on a need-to-know basis. |
TLP:GREEN Limited disclosure, restricted to the community. |
Use when information is useful to the broader community or sector. | May be shared with peers and partner organizations within the sector/community, but not via public channels. |
TLP:CLEAR Disclosure is not limited. |
Use when information poses minimal or no foreseeable risk of misuse. | May be distributed freely without restriction, subject to copyright rules. |