CASP+
CompTIA Advanced Security Practitioner+
CompTIA's SecurityX (formerly CASP+, current exam code CAS-005) is one of the few vendor-neutral advanced certifications for technical security experts without management focus. It deliberately positions itself as a technical alternative to CISSP and is recognized by DoD and US government agencies as an 8570-compliant credential, which is a real advantage in government environments. In the private sector, market perception is mixed: CISSP clearly dominates job postings, but SecurityX provides a credible signal for technically deep skills. The pass/fail format without score disclosure is unusual and criticized by some as lacking transparency. Performance-based questions increase the practical rigor.
A new version is in rollout — confirm which one is currently scheduled. End-of-life: 2025-12. CompTIA rebrands CASP+ as SecurityX (CAS-005) in late 2024; CAS-004 retires 2025-12. Confirm the active version when scheduling.
› Quality score
Four-axis SecProve rubric, each 0–10. SecProve editorial assessment — each axis carries a written justification so you can push back on any single call without dismissing the whole score.
› Market signals
public, citable inputs to the recognition score› Exam format
Max. 90 questions (multiple-choice + performance-based), 165 minutes, proctored via Pearson VUE. Passing threshold: Pass/Fail.
First retake immediate; 14-day wait before each subsequent attempt.
› Recertification
Valid for 3 years. Renewal through 75 CEUs or re-exam. Automatically renews all lower-level certs (Security+, CySA+, PenTest+).
› NICE Framework work roles
The NIST NICE work-role IDs this cert maps to. NICCS lookup.
› Core domains covered
The 3 domains this cert is centrally about. Passing the exam demonstrates working knowledge of each.
Reference architectures, control frameworks (NIST SP 800-53, CIS Controls), secure-by-design patterns, threat modeling, trust-boundary design, technology standards.
OWASP Top 10, secure SDLC, SAST/DAST/IAST, API security, code review, DevSecOps.
AWS/Azure/GCP security controls, IAM policies, CSPM, container security, shared responsibility model.
› Prerequisites
No formal prerequisites. Recommended: 10 years IT experience, including 5 years hands-on security.
› Progression
requiredrecommendedWhere this cert fits in the typical learning path. Required edges are vendor-gated; recommended edges reflect de facto industry progression.
No vendor-gated prereqs.
No certs require this one.
No follow-on certs reference this one yet.
› Study materials
Curated starting points. Not exhaustive — vet each against your learning style and the current exam version.
- CompTIA CASP+ Study Guide (CAS-004) by Nadean Tanner — Sybex
- CompTIA Advanced Security Practitioner (CASP+) Cert Guide — Pearson IT Certification
- Boson ExSim-Max for CASP+ CAS-004
› Version & lifecycle
CompTIA rebrands CASP+ as SecurityX (CAS-005) in late 2024; CAS-004 retires 2025-12. Confirm the active version when scheduling.
› Salary signal
Senior security engineer / DoD security professional, US, 5+ years. Concentrated in defense / federal contractor roles.
Robert Half Salary Guide + DoD 8140 listing data · 2024 · US base only · p25–p75 range
› How it compares
CISSP carries broader hiring-manager recognition outside DoD; CASP+ has no AMF and is hands-on-flavored.
↔ Compare side-by-side› Careers that commonly pursue this cert
Design, build, and maintain security infrastructure. The architects of an organization's defensive posture.
Owns the end-to-end find → prioritize → fix → verify loop at scale, now increasingly AI-driven.
External-first role: inventories what an attacker can see, tracks what's new, and drives closure through the org. The outside-in counterpart to vuln management.
See this cert’s domains highlighted on the interactive map, or compare it against the rest of the catalog.