LOGBOOK

HELP

Quiz Entry - updated: 2026.07.05

What are the five Functions of the NIST CSF Core?

Identify, Protect, Detect, Respond, Recover — the five pillars of a holistic cybersecurity program.

Die NIST-CSF-Funktionen Identify, Protect, Detect, Respond, Recover (plus Govern) als Kreis.

* The CSF Core functions as a wheel — Identify, Protect, Detect, Respond, Recover, with Govern (added in CSF 2.0) at the center. — NIST, Public domain, via Wikimedia Commons. *

The Functions are the highest level of abstraction in the Core. They organize security work along the lifecycle of an incident:

  1. Identify (ID) — know your assets, risks, and responsibilities
  2. Protect (PR) — put safeguards in place
  3. Detect (DE) — notice when something goes wrong
  4. Respond (RS) — contain and handle the incident
  5. Recover (RC) — restore services and learn from it

They let organizations express their cybersecurity risk management at a high level — board-room compatible, yet decomposable into concrete activities.

Tip: The order tells a story: before an incident (Identify, Protect), during (Detect, Respond), after (Recover). Mnemonic: "I Put Down Ransomware Rapidly".

Note: CSF version 2.0 (2024) added a sixth function, Govern (GV) — but the classic five-function model is still the foundation you'll see in most adaptations (including the IKT Minimalstandard).

Go deeper:

From Quiz: ISM / Frameworks — NIST CSF & IKT Minimalstandard | Updated: Jul 05, 2026