[Yaelle]

Wouldn't code red be once an attack had started? Or if for some reason someone got ahold of proof that something was about to happen in a couple minutes/hours?

[Semper Paratus]

Wouldn't code red be once an attack had started?

Code red would trigger a nationwide shutdown of ports airports, most transportation, meaning a terrorist attack was in motion.

[Dont Mention the War]

Wouldn't code red be once an attack had started? Or if for some reason someone got ahold of proof that something was about to happen in a couple minutes/hours?

I would say the alloted time from would be a bit longer, allowing for attacks that appear imminent within days, not just minutes or hours, but you've got the gist as far as I can tell. They do appear, though, to intentionally keep the criteria for each threat level somewhat open-ended. Here's the official line:

4. High Condition (Orange). A High Condition is declared when there is a high risk of terrorist attacks. In addition to the Protective Measures taken in the previous Threat Conditions, Federal departments and agencies should consider the following general measures in addition to the agency-specific Protective Measures that they will develop and implement:

• Coordinating necessary security efforts with Federal, State, and local law enforcement agencies or any National Guard or other appropriate armed forces organizations;
• Taking additional precautions at public events and possibly considering alternative venues or even cancellation;
• Preparing to execute contingency procedures, such as moving to an alternate site or dispersing their workforce; and
• Restricting threatened facility access to essential personnel only.

5. Severe Condition (Red). A Severe Condition reflects a severe risk of terrorist attacks. Under most circumstances, the Protective Measures for a Severe Condition are not intended to be sustained for substantial periods of time. In addition to the Protective Measures in the previous Threat Conditions, Federal departments and agencies also should consider the following general measures in addition to the agency-specific Protective Measures that they will develop and implement:

• Increasing or redirecting personnel to address critical emergency needs;
• Assigning emergency response personnel and pre-positioning and mobilizing specially trained teams or resources;
• Monitoring, redirecting, or constraining transportation systems; and
• Closing public and government facilities.

As you can see, the color code system is set up more as a directive as to what various government agencies and those working in industries that would serve as potential targets should do at each level, than as a guide for the public. Here's a sentence from the original March 2002 announcement of the color codes:

The assignment of a Threat Condition shall prompt the implementation of an appropriate set of Protective Measures. Protective Measures are the specific steps an organization shall take to reduce its vulnerability or increase its ability to respond during a period of heightened alert.

So in the end, every color can be whatever the DHS decides it is.

[Dont Mention the War]

Also from that March 2002 document:

A decision on which Threat Condition to assign shall integrate a variety of considerations. This integration will rely on qualitative assessment, not quantitative calculation. Higher Threat Conditions indicate greater risk of a terrorist act, with risk including both probability and gravity. Despite best efforts, there can be no guarantee that, at any given Threat Condition, a terrorist attack will not occur. An initial and important factor is the quality of the threat information itself. The evaluation of this threat information shall include, but not be limited to, the following factors:

1. To what degree is the threat information credible?
2. To what degree is the threat information corroborated?
3. To what degree is the threat specific and/or imminent?
4. How grave are the potential consequences of the threat?

(Emphasis mine.)