diff --git a/misp_stix_converter/converters/buildMISPAttribute.py b/misp_stix_converter/converters/buildMISPAttribute.py index 0a4a28d..62c33e2 100644 --- a/misp_stix_converter/converters/buildMISPAttribute.py +++ b/misp_stix_converter/converters/buildMISPAttribute.py @@ -270,6 +270,16 @@ def buildEvent(pkg, **kwargs): log.debug("Found description %s", pkg.description) event.add_attribute("comment", pkg.description) + if pkg.stix_header and hasattr(pkg.stix_header, "handling") and hasattr(pkg.stix_header.handling, "marking"): + for m in pkg.stix_header.handling.marking: + if hasattr(m, "controlled_structure") and hasattr(m.controlled_structure, "color"): + tlp = m.controlled_structure.color.lower() + log.debug("Found TLP %s", tlp) + tlp_tag = "tlp:" + tlp + log.debug("Add %s as MISP tag", tlp_tag) + event.add_tag(tlp_tag) + break + log.debug("Beginning to Lint_roll...") ids = [] to_process = [] diff --git a/misp_stix_converter/converters/convert.py b/misp_stix_converter/converters/convert.py index 05af683..4c7e281 100644 --- a/misp_stix_converter/converters/convert.py +++ b/misp_stix_converter/converters/convert.py @@ -120,11 +120,6 @@ def load_stix(stix): ns_map = stixXml.nsmap - # Remove any "marking" sections because the US-Cert is evil - log.debug("Removing Marking elements...") - for element in stixXml.findall(".//{http://data-marking.mitre.org/Marking-1}Marking"): - element.getparent().remove(element) - log.debug("Writing cleaned XML to Tempfile") f = SpooledTemporaryFile(max_size=10 * 1024) f.write(etree.tostring(stixXml)) 
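Review bot: The colour read at `tlp = m.controlled_structure.color.lower()` in the buildMISPAttribute.py hunk comes from the imported STIX package and becomes an event tag without validation, so an unexpected value produces an arbitrary `tlp:` tag and a `None` colour raises AttributeError. A guarded form would be `tlp = str(m.controlled_structure.color or "").lower()` followed by `if tlp not in ("white", "green", "amber", "red"): continue`. The `break` keeps the first colour found; if a package carries several, taking the most restrictive one is the safer default for a label that governs onward sharing. This lookup reads `color` from `m.controlled_structure`, while the convert.py hunk in the same commit reads it from the entries of `m.marking_structures`, so unless the STIX library exposes both, one of the two probably never matches and should be checked against a real package. buildEvent starts and ends outside the hunk.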
@@ -153,6 +148,18 @@ def load_stix(stix):
 g.write(f.read())
 raise STIXLoadError("Could not load stix file. {}".format(ex))
+ log.debug("Removing Marking elements except TLP...")
+ if hasattr(stix_package, 'stix_header') and hasattr(stix_package.stix_header, 'handling') and hasattr(stix_package.stix_header.handling, 'marking'):
+ for m in stix_package.stix_header.handling.marking:
+ if hasattr(m, 'marking_structures'):
+ for ms in m.marking_structures:
+ if hasattr(ms, 'color'):
+ log.debug('TLP found in marking_structures:%s', ms.color)
+ log.debug('Clear all handling elements')
+ stix_package.stix_header.handling.clear()
+ log.debug('Add only TLP marking_structures')
+ stix_package.stix_header.handling.add_marking(ms)
+ break
 return stix_package
 elif isinstance(stix, (str, bytes)):
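Review bot: `stix_package.stix_header.handling.clear()` and `add_marking(ms)` run while the enclosing `for m in stix_package.stix_header.handling.marking` loop is still walking that collection, because the `break` leaves only one loop (indentation is lost on this page, so which one is not certain). Locating the TLP structure first and mutating `handling` only after the loops have finished avoids this; a sketch follows. The trim happens only when a colour is found, so a package without TLP keeps every marking despite the "except TLP" log line, and when it does run, all other handling restrictions are discarded with a debug message only, where a `log.warning` would keep that decision auditable. The XML pass removed in the previous convert.py hunk matched Marking elements anywhere in the document via `.//`, whereas this code touches only `stix_header.handling`, so markings elsewhere in the package now reach the parser untouched. load_stix starts and ends outside the hunk.

```python
# … unchanged: STIX parsing and STIXLoadError handling …
handling = getattr(getattr(stix_package, 'stix_header', None), 'handling', None)
if handling is not None and hasattr(handling, 'marking'):
    # Search on a snapshot; handling is modified only after iteration ends.
    tlp_structure = None
    for m in list(handling.marking):
        for ms in getattr(m, 'marking_structures', None) or []:
            if hasattr(ms, 'color'):
                tlp_structure = ms
                break
        if tlp_structure is not None:
            break
    if tlp_structure is not None:
        log.debug('TLP found in marking_structures:%s', tlp_structure.color)
        log.warning('Dropping all handling markings except TLP')
        handling.clear()
        handling.add_marking(tlp_structure)
return stix_package
```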