Standard IEP Policies
This is where you will find all the standard IEP Policy Files. IEP Policy Files are shared network-accessible IEP policies that anyone else can use in their platform. We recommend you investigate the IEP TLP Policy File first, as TLP very commonly used within the intelligence sharing community.
FIRST TLP Policies
The FIRST IEP-SIG IEP 2.0 TLP Policies are designed to extend and codify each Traffic Light Protocol (TLP) level within a matching Information Exchange Policy. Each IEP-SIG TLP policy is aligned as much as possible with the information exchange requirements of the relevant TLP level. This was purposely done to allow implementers and platform developer to reuse these standard Policy Files in their own products. We hope these become the standard way that threat intelligence producers inform recipients of how they can use the information they receive.
FIRST IEP-SIG Unknown IEP
The FIRST IEP-SIG have also created a network accessible copy of the Unknown IEP Policy. This IEP is designed to be the most restrictive as possible, as it is only used when Implementations know that an IEP was applied, but are unable to find out what it was, no longer have a cached copy of the IEP, and are unable to contact the Provider of the information to provide guidance as to which IEP should be applied.
In this case the IEP Framework applies a default restrictive policy to the information to ensure that it cannot be shared to any other entity other than the Recipient.
The details are below:
