What is Protect Function?

The Protect function translates the understanding gained from the Identify function into concrete safeguards that limit or contain the impact of potential cybersecurity events. Its categories include identity management and access control (authentication, authorization, and access management), awareness and training (security awareness programs and role-based training), data security (protecting data at rest and in transit through encryption, integrity checking, and data handling procedures), information protection processes and procedures (maintaining security policies, baselines, and response plans), maintenance (performing maintenance on industrial control and information systems), and protective technology (managing technical security solutions like firewalls, IDS, and endpoint protection). The Protect function maps most directly to traditional security controls and is where organizations typically invest the majority of their cybersecurity budget. Effective implementation requires balancing protection across all categories rather than over-investing in technology while neglecting training or process controls. Organizations should align their Protect function investments with the risks identified in the Identify function, prioritizing safeguards that address the most significant threats to their most critical assets.