The NRF Cyber Risk Exchange is an Information Sharing and Analysis Organization (ISAO) operated by the National Retail Federation (NRF) and supporting cybersecurity information sharing within the retail industry. NRF established this ISAO in 2014, pursuant to Executive Order 13691 and was one of the first organizations to be recognized by the federal government as an ISAO.

Through its cybersecurity program, NRF helps retailers protect themselves and their customers from cyber threats, enabling them to better understand, manage and monitor cyber risks. Through information sharing, research, education, networking and advocacy services, NRF helps members collaborate with their peers in the retail sector and advance their own cybersecurity programs.

ISAO Services and Capabilities:

• Real-time information sharing. Leverage the NRF Cyber Risk Exchange portal and promote the sharing of cyber threat indicators that provide tactical assistance in blocking or detecting malicious activity targeting a retailer’s environment.
• Access to cybersecurity resources. Benchmarking, research and publications on NRF Cyber Risk Exchange offer information on the evolution of best practices and the cybersecurity maturity model. NRF actively engages retail executives through education and outreach initiatives such as tabletop exercises.
• Industry representation and advocacy efforts. Retailers can work with government authorities to get relevant threat information. NRF Cyber Risk Exchange participants help elected officials and regulatory agencies understand the impact of cybersecurity policy decisions on the retail industry and consumers.