What are the five Functions of the NIST CSF Core?
Identify, Protect, Detect, Respond, Recover — the five pillars of a holistic cybersecurity program.

* The CSF Core functions as a wheel — Identify, Protect, Detect, Respond, Recover, with Govern (added in CSF 2.0) at the center. — NIST, Public domain, via Wikimedia Commons. *
The Functions are the highest level of abstraction in the Core. They organize security work along the lifecycle of an incident:
- Identify (ID) — know your assets, risks, and responsibilities
- Protect (PR) — put safeguards in place
- Detect (DE) — notice when something goes wrong
- Respond (RS) — contain and handle the incident
- Recover (RC) — restore services and learn from it
They let organizations express their cybersecurity risk management at a high level — board-room compatible, yet decomposable into concrete activities.
Tip: The order tells a story: before an incident (Identify, Protect), during (Detect, Respond), after (Recover). Mnemonic: "I Put Down Ransomware Rapidly".
Note: CSF version 2.0 (2024) added a sixth function, Govern (GV) — but the classic five-function model is still the foundation you'll see in most adaptations (including the IKT Minimalstandard).
Go deeper:
NIST CSF 2.0 Reference Tool (interaktiv) — Interaktives offizielles Tool, um Funktionen, Kategorien und Subkategorien aufzuklappen.