From CASP+ to SecurityX: What Actually Changed (and What Didn't)

From CASP+ to SecurityX: What Actually Changed (and What Didn't)

The CompTIA Advanced Security Practitioner (CASP+) certification was rebranded to SecurityX in late 2024, and the CAS-004 exam retired on June 17, 2025. For working security professionals tracking the CompTIA portfolio, the rebrand raises practical questions: is my CASP+ still valid? Is SecurityX a new certification or the same one with a new name? Should I study CAS-004 material or CAS-005?

This guide answers those questions cleanly. The short version: the rebrand affected positioning more than substance, but the CAS-005 exam itself is meaningfully different from CAS-004. Understanding that distinction is the difference between studying the right material and studying retired content.

What the rebrand actually did

CompTIA introduced the Xpert Series in 2024 — a new tier of advanced certifications positioned above the intermediate (CySA+, PenTest+) and below the gap that CISSP traditionally fills for managerial-track professionals. CASP+ was the first existing certification absorbed into the Xpert Series under a new name: SecurityX.

Three changes happened simultaneously:

  1. Brand positioning. The "Advanced Security Practitioner" name was retired in favour of "SecurityX" to align with the Xpert Series naming convention (DataX, CloudNetX, SecurityX).
  2. Exam refresh. A new exam version, CAS-005, replaced CAS-004 with restructured domains, expanded content (AI/emerging tech impact, Zero Trust integration, IaC), and updated weighting.
  3. Product line restructure. The CertMaster Learn product was replaced for SecurityX by CertMaster Perform, a more comprehensive product designed around diagnostic-led learning for experienced professionals.

What did NOT happen:

  • CASP+ certifications were not invalidated.
  • Existing CASP+ holders did not need to retake.
  • The CE program was not reset.

What current CASP+ holders need to know

If you hold an active CASP+ certification, three things are true:

  • Your certification status is unchanged. It remains active until your normal 3-year renewal cycle.
  • Your badge will be updated. CompTIA automatically rebrands active CASP+ holders to SecurityX. You should see the new SecurityX badge in your CompTIA Central account.
  • Your CE program continues normally. 75 CEUs over 3 years, same activities, same submission process.

If your CASP+ certification has expired, you cannot renew it directly — CAS-004 is no longer offered. You would need to take the new CAS-005 SecurityX exam to re-credential.

What changed between CAS-004 and CAS-005

The exam refresh is more substantial than the brand rename. Practical differences:

Domain restructure. CAS-004 had different domain boundaries; CAS-005's four-domain structure (GRC 20%, Architecture 27%, Engineering 31%, Operations 22%) reorganises content around how working architects actually think about the discipline.

New content emphasis.

  • AI and emerging technology impact is now explicitly testable.
  • Zero Trust is a named, integrated concept rather than peripheral material.
  • Cloud automation (IaC tools like Terraform, Ansible; generative AI in operations) is heavier.
  • Threat modeling frameworks (ATT&CK, CAPEC, STRIDE) appear more prominently in Domain 1.

De-emphasised content.

  • Some legacy cryptography content has been compressed (the "Security Engineering and Cryptography" CAS-004 domain became simply "Security Engineering" in CAS-005, with cryptography integrated rather than separate).
  • Some legacy network security content has been folded into broader architecture and engineering domains.

No fundamental difficulty change. The exam is still 90 questions, 165 minutes, expert-level PBQ-heavy. Time pressure remains the single most-reported challenge among candidates.

Practical implications

If you are studying right now:

  • Use CAS-005 study material exclusively. CAS-004 is retired and any course or book labelled "CASP+ CAS-004" is for an exam you cannot take. CAS-005 material is labelled "SecurityX CAS-005" or sometimes "SecurityX (formerly CASP+) CAS-005" during the transition period.
  • The official CompTIA SecurityX product line for CAS-005 is what you want: CertMaster Perform, the SecurityX eBook, standalone CertMaster Labs, and the exam voucher.

If you held CASP+ and are considering taking SecurityX:

  • You do not need to. Your existing CASP+ rebranded to SecurityX automatically.
  • Re-taking the new CAS-005 exam to "have the latest version" provides no credentialing benefit — your CompTIA Central record already shows SecurityX.

If you are choosing between SecurityX and CISSP:

  • The rebrand does not change this calculus. SecurityX is hands-on technical for working architects/engineers; CISSP is broader and more management-oriented. Many professionals hold both as complementary credentials.

If you are coming back to the cert after several years and want to study with current material, the official CAS-005 stack is CertMaster Perform for SecurityX as your primary product, paired with the Global + Retake voucher once you are ready to schedule. For the broader study roadmap, see our complete CAS-005 guide.

What to expect going forward

CompTIA's three-year refresh cycle puts the next SecurityX exam version (CAS-006 or whatever the next code becomes) at approximately late 2027 or 2028. Until then, CAS-005 is the only exam, the SecurityX brand is the only name, and the official Perform product is the recommended study spine.

For working architects, the practical takeaway: do not let the rebrand confuse you into reading old material or hesitating to credential. The cert is still the same advanced-level recognition for security architects and senior engineers; only the name and the exam version have changed.

The CASP+ to SecurityX rebrand is real but mostly cosmetic for existing holders — your certification status is unchanged. The CAS-004 to CAS-005 exam transition is the substantive change, with restructured domains and new content emphasis on AI, Zero Trust, and IaC.

If you are studying for CAS-005 now, the official spine is CertMaster Perform for SecurityX plus the Global + Retake voucher. For the full preparation arc, see the complete CAS-005 guide.

Implementation notes

  1. Publishing order. Pillar [Post 1] first, then spokes in any order. Post 6 (the rebrand explainer) is a strong second post to publish — it captures search traffic from CASP+ holders and CAS-004 leftovers immediately.
  2. SEO note for Post 6. The CASP+ rebrand post should target keywords like "CASP+ vs SecurityX," "CAS-004 retired," "CASP+ still valid," "SecurityX certification name change." This is high-traffic transitional searching. Make sure the H1, meta title, and first 100 words contain "CASP+" prominently.
  3. Anchor-text variation. Each spoke uses 2–3 different anchor variations linking back to the pillar.
  4. CTA link format. Use absolute URLs.
  5. Schema markup. BlogPosting on all posts, FAQPage on posts with FAQ sections (Posts 1, 2, 3, 4, 5).
  6. Cross-cluster bridges. Pillar [Post 1] contains three outbound bridges:
    • To Security+ SY0-701 pillar (foundational)
    • To CySA+ CS0-003 pillar (recommended prior cert on defensive track)
    • To PenTest+ PT0-003 pillar (recommended prior cert on offensive track) This positions SecurityX as the destination cert that the foundational/intermediate Sec365 catalog leads toward. No other spoke should add cross-cluster links.
  7. Last reviewed. Mark each post with "Last reviewed: 2026-04-27." Verify CompTIA's SecurityX product naming and CAS-005 status quarterly. Watch for CertMaster Practice as a separate SKU appearing — if CompTIA introduces it for SecurityX in the future, this cluster needs an update.
Back to blog

Leave a comment