NIST CSF organizes security around 5 functions:
Identify (assets, risks),
Protect (safeguards),
Detect (events),
Respond (incidents),
Recover (restore).
CSF 2.0 (2024) adds a 6th function: Govern. Voluntary for non-federal but widely adopted. Provides common language for cybersecurity. Maps to other frameworks (ISO 27001, CIS Controls). Use to structure security programs and board-level reporting.