CompTIA SecurityX (CAS-005) is the expert-level cert formerly known as CASP+. It is not the advanced version of Security+. It is not where Security+ leads. They are completely different certifications aimed at people who are years apart in their careers.
If you are asking “Security+ or SecurityX?”, the answer is almost certainly Security+. But understanding why that’s true matters more than the answer itself.
SecurityX Is CASP+ Rebranded
CASP+ (CompTIA Advanced Security Practitioner) ran for years as the expert tier of CompTIA’s security stack. In 2024, CompTIA rebranded it: CASP+ became SecurityX, and the exam code moved from CAS-004 to CAS-005. CAS-004 retired in June 2025.
The rebrand came with a content update. CAS-005 covers four domains: Security Architecture, Security Operations, Security Engineering, and Governance, Risk, and Compliance. The focus is on enterprise security design, cloud security architecture, and cryptographic implementation at scale — not on learning what a firewall is.
If you hold a CASP+ certification, you hold what is now called SecurityX. The credential is the same lineage, and CE renewal requirements stayed the same. Nothing expired when the name changed.
If you have been studying CAS-004 materials: switch now. All current SecurityX prep covers CAS-005.
Who Security+ Is For
Security+ (SY0-701) is the entry point to a security career. CompTIA recommends two years of IT administration experience before sitting it. People with strong networking backgrounds or a security-focused degree often pass without hitting that exact bar.
The exam covers threats and vulnerabilities, network security, identity and access management, cryptography fundamentals, and security operations. Up to 90 questions in 90 minutes, with performance-based questions (PBQs) at the start of the exam. Passing score: 750 out of 900.
Security+ satisfies DoD 8570 IAM Level II requirements, which matters significantly for anyone targeting government, defense contractor, or federal agency roles. Outside government work, it is the baseline credential most security teams expect from junior hires.
Security+ does not make you a security engineer. It makes you credible enough to start becoming one. That is the right expectation going in.
Who SecurityX Is For
CompTIA recommends 10 years of IT experience and five years of hands-on security experience before sitting SecurityX. That is not a soft guideline. The exam scenarios involve architectural decisions at enterprise scale that only make sense to someone who has lived them.
SecurityX is designed for senior security engineers and security architects. It validates deep expertise in enterprise security design, cryptographic implementation at scale, and organizational security strategy. It satisfies DoD 8570 IAM Level III and Advanced Cybersecurity roles — CSSP Analyst, Infrastructure Support, Incident Responder, Auditor — that require it by regulation.
SecurityX is pass/fail. CompTIA does not publish a passing score. The exam includes scenario-based questions where there is no single textbook answer, only defensible judgment backed by real experience.
If you have four or five years in security and are weighing SecurityX as your next move: it is probably too early. Studying for it without the context means memorizing frameworks you cannot yet apply.
What Goes Between Them
Security+ to SecurityX is not a jump. It is a career arc that takes most people close to a decade.
CySA+ (CompTIA Cybersecurity Analyst, CS0-003) is the natural next step for anyone moving into threat analysis, SOC, or blue team work. It covers threat intelligence, SIEM operations, vulnerability management, and incident response at a depth Security+ only introduces.
PenTest+ (PT0-003) covers offensive security testing and is relevant for red team and penetration testing roles.
Outside the CompTIA stack, vendor-specific certs fill out the path depending on your environment. AWS Certified Security Specialty (SCS-C03) is worth pursuing for AWS-heavy infrastructure work. Microsoft SC-200 covers Sentinel and Defender for cloud security operations teams. The right mid-career certs depend on what you actually do at work.
One thing worth saying clearly: do not study for SecurityX early to “get ahead.” The certification validates real security leadership experience. The credential has value because the experience behind it has value. Passing the exam without a decade of context is a credential without a foundation.
Side by Side
| Security+ (SY0-701) | SecurityX (CAS-005) | |
|---|---|---|
| Level | Entry / mid | Expert |
| Experience recommended | 2 years IT | 10 years IT, 5 years security |
| Exam format | 90 questions, 90 min | Pass/fail, scenario-based |
| Passing score | 750 / 900 | Not published |
| DoD 8570 | IAM Level II | IAM Level III |
| Who it is for | Security career entry | Security architects, senior engineers |
| Formerly called | Security+ | CASP+ |
Pass-IT covers both Security+ (SY0-701) and SecurityX (CAS-005) with adaptive questions grounded in current exam objectives. Free trial, no credit card required.
