CompTIA renamed CASP+ to SecurityX (exam code CAS-005) in late 2024. If you searched for "CompTIA CASP" and landed here mid-study-plan, the short version is: same credential tier, updated content domains, new name. The CAS-004 exam (the version most study materials still reference) is retired. CAS-005 is what you're sitting now. This guide covers what the exam actually tests, whether it's worth the $458 fee, and what the career trajectory looks like after you pass.
What CompTIA CASP+ Tests — and Why It Was Renamed
The CompTIA CASP+ credential was always an odd fit in the certification landscape. It sits above Security+ but below the management-track certifications like CISSP and CISM. The practical framing is deliberate: CASP+ targets practitioners who want to stay technical rather than move into governance or executive roles. A CISO-track person takes CISSP. A hands-on architect or senior engineer running security operations takes CASP+.
The rename to SecurityX reflects a content update more than a repositioning. CAS-005 added expanded coverage of:
- AI and ML security risks — adversarial inputs, model poisoning, securing AI pipelines
- Zero trust architecture — micro-segmentation, identity-based perimeter, continuous verification
- Cloud-native security — container security, serverless environments, multi-cloud governance
- OT/ICS environments — securing operational technology and industrial control systems
The exam still tests the same core competencies that defined CASP+: enterprise security architecture, risk management, cryptography, vulnerability assessment, and incident response at scale. If your study materials reference CAS-004 domains, they're roughly 80% applicable to CAS-005. Just add the AI security and zero trust content before you sit.
Who Should Pursue CompTIA CASP+ — and Who Shouldn't
CompTIA recommends 10 years of IT experience with at least 5 in hands-on security roles before sitting the exam. That's not marketing padding — the performance-based questions on this exam require you to actually configure, diagnose, and reason through scenarios, not pattern-match against memorized definitions.
The credential makes sense if you're in one of these roles:
- Security architect designing enterprise network and application security controls
- Senior security engineer implementing security solutions across hybrid environments
- Security operations lead responsible for incident response and threat hunting programs
- DoD contractor — CASP+/SecurityX satisfies DoD 8570.01-M IAT Level III and IAM Level II requirements
- Technical security consultant working across multiple client environments
Who probably shouldn't take it right now: anyone who passed Security+ in the last 12 months and is looking for a logical "next step." The jump from Security+ to CASP+ is not incremental — it's a different category of exam. A Security+ candidate answering conceptual questions about what a firewall does; a CASP+ candidate is configuring a segmented DMZ architecture for a scenario with specific compliance requirements and a compromised insider threat. If you don't have the practical hours, study materials won't bridge that gap.
Exam Format, Cost, and What to Expect
The CAS-005 exam has the following structure:
- Questions: Up to 90 (mix of multiple-choice and performance-based)
- Duration: 165 minutes
- Passing score: No fixed numeric score — CompTIA uses a scaled scoring system; the exam is pass/fail
- Cost: $458 USD (exam vouchers sometimes available via Pearson VUE or employer reimbursement)
- Delivery: Pearson VUE test centers or online proctored
- Renewal: 3-year cycle, 75 CE credits required (or retake)
The performance-based questions (PBQs) are where most candidates run into trouble. These are simulated environments where you're asked to do things: analyze a network diagram and identify misconfigurations, select appropriate cryptographic controls for a given scenario, review log output and identify indicators of compromise. You cannot cram PBQs with flashcards. They require actual familiarity with the tooling and concepts.
Practical advice: PBQs appear at the start of the exam. Many candidates skip them and return later. That's a viable strategy if you're anxious about time, but don't skip them entirely — they carry significant weight. Budget roughly 3-4 minutes per PBQ and about 90 seconds per standard question.
Career Outcomes and Salary After CompTIA CASP+
According to CompTIA's State of Cybersecurity report and salary aggregators including Glassdoor and CyberSeek, professionals holding CASP+ or its SecurityX equivalent report median salaries in the $110,000–$135,000 range in the US, with significant variation by metro area and role type.
The certification's strongest ROI case is in federal and defense contracting. DoD 8570.01-M mandates specific certifications for privileged access roles, and CASP+/SecurityX satisfies multiple requirement tiers that Security+ does not. Federal IT contractors in cleared roles with CASP+ routinely command a $15,000–$25,000 salary premium over Security+-only holders for IAT Level III positions.
For private sector professionals, the credential functions more as a signal than a standalone salary driver. It demonstrates you're operating at a senior technical level and choosing to stay technical rather than pivoting to management. Combined with role-specific experience (cloud security, red team, DevSecOps), CASP+ strengthens a resume in a market that increasingly asks for both depth and breadth.
Job titles commonly associated with CASP+:
- Senior Security Engineer ($105K–$145K)
- Security Architect ($120K–$165K)
- Information Systems Security Officer (ISSO) — federal ($95K–$130K)
- Cybersecurity Analyst III ($100K–$130K)
- Penetration Tester / Red Team Lead ($110K–$150K)
Top Courses for CompTIA CASP+ and SecurityX Prep
Most of the dedicated CASP+ course libraries are dated (covering CAS-003 or CAS-004). For CAS-005 prep, your best strategy is combining a practice exam resource with a current-domain study guide. The courses below reflect the most relevant options available now.
CompTIA SecurityX (CAS-005) 6 Practice Exams
The most directly relevant resource for the current exam. Six full-length practice exams that mirror the CAS-005 question format, including performance-based question simulations. Use these after you've covered the domain material — not before — to identify gaps rather than pattern-match your way through.
CompTIA Security+ (SY0-701) Exam Prep 2026
If you're on the path toward CASP+ but haven't cleared Security+ yet, this is the correct starting point. It covers the foundational domains that CAS-005 builds on — particularly cryptography, network security, and access control — in the depth you'll need before the advanced material makes sense.
CompTIA Security+ (SY0-701) 1,000+ Practice Questions 2026
A question bank for Security+ that also serves as a diagnostic for anyone preparing for CASP+. If you're scoring consistently above 85% on these, your foundational knowledge is solid enough to move up. Gaps here will compound significantly at the CAS-005 level.
CompTIA SecAI+ Fundamentals: AI Cybersecurity Basics (CY0-001)
The AI security content added to CAS-005 is genuinely new territory for many experienced security practitioners. This course covers the AI threat landscape, adversarial machine learning, and securing AI systems — the exact domain gaps that CAS-005 introduced relative to the old CASP+ content.
CompTIA CASP+ FAQ
Is CompTIA CASP+ still a valid certification or has it been discontinued?
CASP+ has been rebranded, not discontinued. The CAS-004 exam retired in 2024 and has been replaced by CompTIA SecurityX (CAS-005). Existing CASP+ certifications remain valid through their 3-year renewal cycle. New candidates sit CAS-005 under the SecurityX name. For practical purposes, hiring managers and DoD compliance teams recognize both names as the same credential tier.
How does CompTIA CASP+ compare to CISSP?
These credentials target different career tracks, not different experience levels. CISSP is management and governance-oriented — it tests whether you can design security programs, manage risk at an organizational level, and communicate with executives. CASP+/SecurityX is practitioner-oriented — it tests whether you can actually implement security controls, analyze technical threats, and operate in hands-on roles. A CISO needs CISSP. A senior security engineer who wants to stay technical gets more value from CASP+. Some professionals hold both.
What experience do you actually need before taking CompTIA CASP+?
CompTIA's recommendation of 10 years total IT experience (5 in security) is a rough guideline, not a gate. The more useful benchmark: can you read through an incident response scenario, identify what went wrong at a technical level, and propose specific remediation? If you're still learning what a VLAN is or how TLS handshakes work, you're not ready. If you've been running security operations, conducting assessments, or designing enterprise architecture for 4-6+ years, the exam content will be challenging but accessible.
Does CompTIA CASP+ satisfy DoD 8570 requirements?
Yes. CompTIA CASP+ (and its replacement, SecurityX) satisfies DoD 8570.01-M baseline requirements for IAT Level III and IAM Level II. This is one of the primary drivers of demand for the credential in the federal contracting market. If you're pursuing cleared roles that require elevated system access, verify the specific job requirements — some positions require additional credentials alongside CASP+.
How hard is the CASP+ exam compared to Security+?
Substantially harder — not marginally. Security+ is primarily a knowledge-recall exam with some scenario questions. CASP+ is designed to test applied judgment under realistic enterprise conditions. The performance-based questions in particular require you to reason through ambiguous situations where multiple options might be partially correct. Candidates who passed Security+ on the first attempt often take two or three attempts at CASP+. Plan your study timeline accordingly.
How long does it take to prepare for CompTIA CASP+?
For professionals who meet the experience baseline, realistic preparation runs 3–6 months of structured study. That includes working through the official CompTIA study guide, completing practice exams, and specifically building familiarity with the performance-based question format through lab exercises. Candidates who attempt to compress this into 4–6 weeks without substantial prior hands-on experience have a high failure rate.
Bottom Line
CompTIA CASP+ — now SecurityX CAS-005 — is the right credential if you're a working security practitioner who wants to formalize advanced skills without pivoting toward management. The DoD compliance angle makes it nearly mandatory for federal contractors in elevated-access roles. For private sector professionals, it validates senior technical competence and positions you for architect and engineering lead roles that Security+ alone won't get you into.
It is not a credential to pursue speculatively or ahead of the experience curve. The exam is genuinely hard for candidates without deep hands-on background, and the study materials currently available for CAS-005 are thinner than what existed for CAS-004. Account for that gap in your prep plan.
If you're starting prep now: get the CAS-005 practice exams to benchmark your current state, identify your weak domains, then study those specifically. Blanket review of all domains is a less efficient use of 165-minute exam time than targeted preparation in the areas where your practical experience is thinnest.