Quiz Entry - updated: 2026.07.14
What are the six Functions of the NIST CSF v2.0?
Identify, Protect, Detect, Respond, Recover, and (new in v2.0) Govern.
* CSF v2.0 Functions as a wheel: Govern at the hub tying together Identify, Protect, Detect, Respond, Recover. *
| Function | Purpose | Where in the incident lifecycle |
|---|---|---|
| Identify | Understand your asset inventory and risk landscape | Before |
| Protect | Develop and implement preventative controls | Before |
| Detect | Identify the occurrence of a security incident | During |
| Respond | Take action to address an incident | During |
| Recover | Resiliency and recovery after an incident | After |
| Govern | Establish and oversee risk-management strategy, policies, roles (added in CSF 2.0, 2024) | Always |
The original five (Identify/Protect/Detect/Respond/Recover) map roughly onto a security incident timeline: prevention → detection → response → recovery. Govern was added in 2024 because the original CSF was criticised for under-emphasising the management layer — who decides on risk appetite, allocates budget, owns policy.
Tip: A common memory aid: "I PDRR with Govern in the middle" — Identify is what you have, PDRR is the timeline of a bad day, Govern is the management thread tying them all together.
Go deeper:
The NIST CSF 2.0 (CSWP 29) — the authoritative description of the six Functions and why Govern now sits at the centre.
NIST Cybersecurity Framework (Wikipedia) — quick reference confirming the 6 Functions, 22 Categories, 106 Sub-categories of v2.0.