NIST CSF 2.0: Complete Table of 6 Functions and 23 Categories (2026)

Reference table of the 6 functions (Govern, Identify, Protect, Detect, Respond, Recover) and 23 categories of NIST CSF 2.0, with tactical controls, examples, and a prioritization matrix. Ready-to-use guide for 2026.

ResiPlan Team · NIST CSF and risk management experts · 10 min

The NIST Cybersecurity Framework 2.0 (released February 26, 2024) structures an organization's cybersecurity into 6 high-level functions and 23 categories. This reference table is the most widely used matrix worldwide to map cyber posture. This article delivers the complete table with tactical control examples, a prioritization matrix, and a category cross-mapping.

Overview: 6 functions

| Function | Code | Purpose |
|---|---|---|
| Govern | GV | Establish, communicate and oversee cyber strategy (new in CSF 2.0) |
| Identify | ID | Understand assets, risks, dependencies |
| Protect | PR | Implement safeguards |
| Detect | DE | Quickly identify an incident |
| Respond | RS | Contain and treat |
| Recover | RC | Restore and improve |

Complete table — 23 categories

Govern (6 categories)

| Code | Category | Tactical control example |
|---|---|---|
| GV.OC | Organizational Context | Mapping of missions, stakeholders, regulatory requirements |
| GV.RM | Risk Management Strategy | Risk management policy, appetite, tolerance |
| GV.RR | Roles, Responsibilities, Authorities | Cyber RACI, cyber competence at executive level |
| GV.PO | Policy | Approved cyber policy, annually reviewed |
| GV.OV | Oversight | Executive KPIs, performance indicators |
| GV.SC | Cybersecurity Supply Chain Risk Management | Supplier evaluation, contracts, subcontracting |

Identify (3 categories)

| Code | Category | Tactical control example |
|---|---|---|
| ID.AM | Asset Management | Up-to-date CMDB (hardware, software, data, services) |
| ID.RA | Risk Assessment | EBIOS RM, ISO 27005, FAIR (periodic evaluation) |
| ID.IM | Improvement | Lessons learned from incidents and exercises |

Protect (5 categories)

| Code | Category | Tactical control example |
|---|---|---|
| PR.AA | Identity Management, Authentication, Access Control | MFA, SSO, privileged account management |
| PR.AT | Awareness & Training | Quarterly simulated phishing, role-specific training |
| PR.DS | Data Security | At-rest, in-transit encryption, HSM keys |
| PR.PS | Platform Security | OS hardening, CIS baselines, patch management |
| PR.IR | Technology Infrastructure Resilience | Network redundancy, DRP, fallback sites |

Detect (2 categories)

| Code | Category | Tactical control example |
|---|---|---|
| DE.CM | Continuous Monitoring | SIEM, EDR, NDR, behavioral analysis |
| DE.AE | Adverse Event Analysis | 24/7 SOC, IOC analysis, threat hunting |

Respond (4 categories)

| Code | Category | Tactical control example |
|---|---|---|
| RS.MA | Incident Management | Crisis cell, RAPID framework |
| RS.AN | Incident Analysis | Forensic, root cause, scope |
| RS.CO | Incident Response Reporting & Communication | CSIRT notification, internal/external comms |
| RS.MI | Incident Mitigation | Isolation, containment, eradication |

Recover (3 categories)

| Code | Category | Tactical control example |
|---|---|---|
| RC.RP | Incident Recovery Plan Execution | Backup restoration, DRP, tests |
| RC.CO | Incident Recovery Communications | Return-to-normal communication |
| RC.IM | Improvements | Plan updates with AAR |

Prioritization matrix for an SME (NIS2 essential/important)

An SME cannot cover everything at once. Here is a pragmatic prioritization matrix:

| Priority | Categories to cover first | Rationale |
|---|---|---|
| P1 (3 months) | GV.PO, GV.RM, ID.AM, PR.AA, RS.MA | Policy, risk, assets, access, incident: the 5 fundamentals |
| P2 (6 months) | GV.SC, ID.RA, PR.DS, DE.CM, RC.RP | Supply chain, detailed assessment, data, monitoring, recovery |
| P3 (12 months) | GV.RR, GV.OV, PR.AT, PR.PS, PR.IR, DE.AE, RS.AN, RS.CO, RS.MI, RC.CO | Full coverage |
| Continuous | GV.OC, ID.IM, RC.IM | Context monitoring + continuous improvement |

Cross-mapping NIST CSF 2.0 ↔ NIS2 ↔ DORA ↔ ISO 27001

| NIST CSF 2.0 | NIS2 Art. 21 | DORA | ISO 27001 |
|---|---|---|---|
| GV.OC, GV.PO | (a) policies | Art. 5 | A.5.1 |
| GV.RM | (a) policies + risk | Art. 6 | A.5.4 |
| GV.SC | (d) supply chain | Art. 28 | A.5.19 |
| ID.AM, ID.RA | (b) handling, (c) BCP | Art. 8 | A.8.1, A.5.7 |
| PR.AA | (j) MFA + ACS | Art. 9 | A.5.15, A.8.2 |
| PR.DS | (h) crypto | Art. 9 | A.8.24 |
| DE.CM, DE.AE | (e) detection | Art. 10 | A.8.16 |
| RS.MA, RS.CO | (b) reporting + (c) BCP | Art. 17 | A.5.24 |
| RC.RP, RC.IM | (c) crisis & continuity | Art. 11 | A.5.30 |

See our complete NIST CSF 2.0 guide and DORA vs NIS2.

How ResiPlan automates cross-mapping

The Multi-framework Mapping module (/features/multi-framework-mapping) provides:

  • Pre-wired mapping NIST CSF 2.0 ↔ ISO 27001 ↔ NIS2 ↔ DORA ↔ ANSSI EBIOS RM.
  • Coverage dashboard (% per category).
  • Automatic gap detection (control claimed in one framework but no evidence).
  • One-click multi-framework compliance reports.

Start a free ResiPlan trial — your coverage matrix in 1 day.
