Cyber resilience with NIST CSF in 2025
Master cyber resilience in 2025 with this expert guide to the NIST Cybersecurity Framework. Learn how to assess risk, improve security posture, and automate compliance with AI-powered solutions from 6clicks.
-1.png?width=200&height=249&name=Group%20193%20(1)-1.png)
What are the core functions of the NIST CSF 2.0?
TL;DR: NIST CSF 2.0 includes six core functions—Identify, Protect, Detect, Respond, Recover, and the new Govern function—each representing a critical pillar of an effective, resilient cybersecurity program.
As presented in the 6clicks guide Cyber Resilience in 2025: Your Smart Guide to NIST CSF, the foundation of the framework is its Core Functions. These functions provide a high-level view of how cybersecurity activities are structured—from understanding risk to responding to and recovering from incidents.
In the 2023 update (version 2.0), NIST introduced a sixth function—Govern—highlighting the growing need for clear cybersecurity oversight and accountability.
The six core functions of NIST CSF 2.0
-
Govern (new in 2.0)
Establishes cybersecurity strategy, roles, responsibilities, and oversight.
Focus: leadership, policies, governance structure, third-party risk. -
Identify
Understands business context, assets, risk, and dependencies.
Focus: risk assessments, asset management, supply chain. -
Protect
Implements safeguards to limit or contain potential events.
Focus: IAM, awareness training, data security, endpoint protection. -
Detect
Enables timely discovery of cybersecurity events.
Focus: monitoring, threat detection, logging. -
Respond
Takes action during a detected incident to minimize impact.
Focus: incident response, forensics, coordination, reporting. -
Recover
Restores capabilities after an incident.
Focus: recovery planning, improvements, communications.
Why these functions matter
-
Comprehensive coverage: Together, the functions span strategy to execution, from prevention through recovery.
-
Framework agnostic: They can be used with ISO, CIS Controls, COBIT, and others—ensuring flexibility.
-
Role clarity: Each function aligns with specific roles (e.g., IT, legal, executive) for clearer accountability.
-
Outcome-driven: Enables measurable progress and resilience building, not just checklist compliance.
In 2025 and beyond, these six functions help organizations manage risk holistically while staying prepared for ever-evolving cyber threats.
Need help aligning your team with the six core functions of NIST CSF 2.0?
Book a demo with 6clicks today to see how our platform operationalizes each function—governance, protection, detection, and more—through assessments, workflows, and compliance automation.
.png?width=302&height=170&name=The%20Future%20of%20Cyber%20GRC%20Expert%20Guide%20eBook%20(2).png)
