← Cybersecurity Alphabet Soup

PAP

Permissible Actions Protocol

operationshard

PAP is a companion scheme to TLP that tells recipients what they may do with threat intelligence, such as whether they can actively probe attacker infrastructure or only use it passively. It uses similar color codes to keep handling rules simple and consistent. It matters because acting carelessly on shared intel, like scanning an attacker's server, can tip off the adversary and burn an investigation.

Sources

More in operations