Skip to content

Name and explain the core functions of the NIST Cybersecurity Framework.

Short answer

The NIST Cybersecurity Framework organises cybersecurity outcomes into core functions. In CSF 2.0 there are six: Govern (the new overarching function for strategy, roles, risk decisions, and oversight), Identify (understand assets and risks), Protect (safeguards to limit impact), Detect (find events), Respond (act on incidents), and Recover (restore capabilities). They are not strictly sequential — they run continuously and together describe a full lifecycle of managing cyber risk.

The NIST Cybersecurity Framework is a voluntary, outcome-based way to organise and communicate cyber risk. It is widely used as a common language between technical teams and executives. Interviewers ask this to check you know the structure and that you are current on CSF 2.0.

The core functions

CSF 2.0 (released 2024) defines six functions:

  • Govern — the newest function. It sets the organisation's cybersecurity strategy, expectations, roles and responsibilities, policy, and risk-management decisions. It informs all the others.
  • Identify — understand assets, suppliers, data, and the risks to them.
  • Protect — safeguards to manage risk and limit the impact of events (access control, training, data security).
  • Detect — find and analyse possible attacks and compromises.
  • Respond — take action once an incident is detected: containment, analysis, communication.
  • Recover — restore assets and operations affected by an incident.

These are not phases you complete once; they operate continuously and reinforce one another.

How it is used

The functions break down into categories and subcategories (specific outcomes). Organisations use Profiles to describe current vs target state, and Tiers to express how rigorous and integrated their risk practices are. The CSF deliberately points to other standards (like NIST SP 800-53 or ISO 27001) for the "how."

Why this matters

The big tell in 2026 is whether a candidate mentions Govern — its addition in CSF 2.0 reflects that cybersecurity is a board-level risk discipline, not just a technical one. Naming all six functions and explaining that Govern wraps the others shows you are up to date.

Likely follow-ups

  • What did CSF 2.0 change compared with version 1.1, and why was Govern added?
  • How do Framework Profiles and Tiers help an organisation use the CSF?
  • How would you map your existing controls to the CSF functions and categories?

Sources

Certifications

Get 100 cybersecurity interview questions + answers

Drop your email and we'll send you the free PDF pack and the flashcard deck.

No spam. Unsubscribe anytime.