Yes sha256 is a hashing function used in the protocol. A hashing function is 'easy' to compute one way but difficult to compute the other way. Other hashing functions are SHA1 and MD5. MD5 is partly broken, lots of collisions.
From satoshi:
SHA-256 is very strong. It's not like the incremental step from MD5 to SHA1. It can last several decades unless there's some massive breakthrough attack.
If SHA-256 became completely broken, I think we could come to some agreement about what the honest block chain was before the trouble started, lock that in and continue from there with a new hash function.
If the hash breakdown came gradually, we could transition to a new hash in an orderly way. The software would be programmed to start using a new hash after a certain block number. Everyone would have to upgrade by that time. The software could save the new hash of all the old blocks to make sure a different block with the same old hash can't be used.