The Complete Guide to CompTIA SecurityX (CAS-005) in 2026
CompTIA SecurityX is the rebranded, restructured successor to CASP+ — the certification security architects and senior security engineers reach for when they need a vendor-neutral, hands-on validation of expert-level skill. The current version, CAS-005, launched in December 2024 and is the only active version since CAS-004 retired on June 17, 2025. SecurityX joined the CompTIA Xpert Series alongside DataX, signalling that this is not a stepping-stone credential — it is a destination cert for working architects.
This guide walks through what CAS-005 actually tests, how the official CompTIA materials fit together, and a realistic preparation arc for a candidate who is already mid-career in security and just needs the cert to validate it.
Important context: the rebrand from CASP+
CompTIA Advanced Security Practitioner (CASP+) was rebranded to SecurityX with the launch of CAS-005. Two practical implications:
- If you hold CASP+, your certification is unaffected — it automatically migrates to the SecurityX badge and the CE program continues unchanged.
- If you are studying or buying material, anything tagged CAS-004 or "CASP+ CAS-004" is for a retired exam. The current product is SecurityX CAS-005.
The exam objectives also restructured. CAS-005 has 4 domains, with Governance/Risk/Compliance now leading at 20%, Security Architecture at 27%, Security Engineering at 31% (the largest), and Security Operations at 22%. If you are returning to the cert after working through CAS-004 material, the domain restructure and the new emphasis on cloud-native security, automation, AI/emerging tech impact, and Zero Trust integration are large enough that older study material will leave gaps.
Exam at a glance (CAS-005)
- Exam code: CAS-005
- Questions: Up to 90, mix of multiple choice and performance-based
- Time: 165 minutes
- Passing score: Pass/Fail (no scaled numeric score)
- Cost: ~USD $509 (varies by region — verify on the product page)
- Validity: 3 years, renewable through 75 CEUs over the cycle
- Recommended experience: Minimum 10 years of general hands-on IT, including 5 years of hands-on security, with Network+, Security+, CySA+, Cloud+, and PenTest+ knowledge or equivalent
- Accreditation: ANSI accredited (ISO 17024 compliant)
- DoD 8140 / NICE work roles: Security architect, systems requirements planner, security control assessor, R&D specialist, and others
The 165-minute window plus the heavy PBQ density makes this the most time-pressured of CompTIA's exams. Candidates routinely report finishing with 5–10 minutes left rather than the comfortable buffer they expected.
The four CAS-005 domains and their weights
| # | Domain | Weight |
|---|---|---|
| 1 | Governance, Risk, and Compliance | 20% |
| 2 | Security Architecture | 27% |
| 3 | Security Engineering | 31% |
| 4 | Security Operations | 22% |
Domain 3 alone is the largest. Domains 2 and 3 together — Architecture and Engineering — account for 58% of the exam. This reflects what SecurityX actually validates: not policy reading and not pure operations, but the practitioner-architect who designs and builds resilient enterprise security.
Because Architecture and Engineering dominate the exam, the official preparation product is built differently from the ones aimed at Security+ or CySA+ candidates. CompTIA's CertMaster Perform for SecurityX assumes you already have years of architecture and engineering work behind you, then runs diagnostics to find the specific gaps in your knowledge rather than walking you through fundamentals. That design choice is the right one for this audience — but it means the product is unforgiving if you are under-experienced.
What's actually tested
This is a 30,000-foot summary; download the official CompTIA exam objectives for the full breakdown.
Domain 1 — Governance, Risk, and Compliance (20%). Security program documentation, frameworks (COBIT, ITIL), GRC tooling, data governance, quantitative vs qualitative risk assessment, third-party risk, threat modeling using ATT&CK and CAPEC.
Domain 2 — Security Architecture (27%). Designing resilient systems, integrating Zero Trust into architecture, network segmentation and microsegmentation, deperimeterisation (SASE, SD-WAN), security boundaries, hybrid and cloud architecture decisions, container and serverless security architecture.
Domain 3 — Security Engineering (31%). Implementation and configuration of identity systems, endpoint protection platforms, cryptographic implementations, hardware security technologies, troubleshooting complex network infrastructure security issues, IaC (Terraform, Ansible), automation scripting (PowerShell, Bash, Python), CASB deployment patterns.
Domain 4 — Security Operations (22%). Threat hunting using internal intelligence (honeypots, UBA) and external (OSINT, dark web, ISACs), TIP integration, IoC sharing standards (STIX, TAXII), rule-based detection languages (Sigma, YARA, Snort), incident response leadership, SOC tooling decisions, attack surface management.
The notable additions in CAS-005 versus CAS-004: AI/emerging tech impact is now explicitly testable, Zero Trust is named and integrated, cloud automation (IaC, generative AI in operations) is heavier, and threat modeling moved to a more prominent governance position.
How the official CompTIA materials fit together
Unlike Security+, CySA+, or PenTest+, the SecurityX product line is smaller and structured differently. There is no standalone "CertMaster Learn" for SecurityX — instead, CertMaster Perform consolidates the eLearning, lab activities, assessments, and adaptive practice into one Xpert-level product.
CompTIA SecurityX eBook (CertMaster Study). The traditional study guide, fully aligned to CAS-005 objectives, organised by domain. Searchable reference text.
CertMaster Perform. The flagship Xpert-level study product. Combines diagnostic assessment, comprehensive learning content (lessons, videos, animations, scenario-based exercises), live lab activities, module quizzes, and a timed final assessment. Unlike CertMaster Learn for lower-level certs, Perform begins with diagnostics that identify your gaps and focus your study there — designed for working professionals who do not have time to relearn what they already know.
CertMaster Labs. Browser-based hands-on labs aligned to CAS-005 objectives. While Perform includes lab activities, the standalone CertMaster Labs catalogue offers additional depth and unlimited replays for candidates who want more hands-on practice — particularly for Domain 3 (Engineering, 31%).
Exam Voucher. The actual ticket to sit the exam at Pearson VUE. Two variants are commonly available: a standard Global voucher (single attempt) and a Global + Retake voucher (single attempt plus one free retake). Given SecurityX's expert-level difficulty and the time pressure of the exam, the retake variant is the default sensible choice for most candidates.
A realistic 10–14 week study plan
This plan assumes ~8–10 hours per week and CertMaster Perform as your spine. Adjust upward if your security architecture experience is thin — without solid prior exposure to Zero Trust, CASB, IaC, and threat modeling, plan 16–20 weeks.
Weeks 1–2 — Diagnostic and gap mapping. Run the CertMaster Perform initial diagnostic. Identify which domains and subtopics it flags as your weakest. Resist the temptation to start "from the beginning" — Perform is designed to skip what you already know.
Weeks 3–6 — Architecture and Engineering deep dive. Domains 2 and 3 are 58% of the exam. Spend the bulk of your effort here. Perform's lessons and built-in labs cover the foundation; supplement with standalone CertMaster Labs for the engineering troubleshooting scenarios where additional reps help.
Weeks 7–9 — Operations and GRC. Domains 4 and 1. The Operations domain rewards working SOC/IR experience; GRC rewards reading the official CompTIA frameworks closely.
Week 10 — First full timed practice assessment. Take Perform's timed final assessment. Review every wrong answer. Identify which domain still hurts.
Weeks 11–13 — Weak-area drilling. Re-run Perform diagnostics on weak domains. Work through additional standalone CertMaster Labs for any engineering scenarios that surfaced gaps. Read the relevant chapters in the eBook for governance/policy reinforcement.
SecurityX is the only CompTIA cert where the official Perform product is built around diagnostic-then-fill rather than linear-teaching. If your study time is constrained — which it is for most working architects — CertMaster Perform for SecurityX is the most efficient single product. Pair it with standalone CertMaster Labs only if your Perform diagnostics flag Domain 3 (Engineering) as a weak area requiring more lab reps.
Week 14 — Buffer and exam. Schedule the exam. One last full timed assessment 3–4 days out. Sleep, walk in.
Where SecurityX sits in your career path
If you are deciding between certifications:
- Coming from Security+, CySA+, or PenTest+? SecurityX is the natural advanced step on the technical track. It explicitly assumes the knowledge from these foundational and intermediate certs. For the foundation, our complete Security+ guide covers what SecurityX takes for granted; for the defensive intermediate cert, our CySA+ guide walks the SOC analyst track; for the offensive intermediate cert, our PenTest+ guide covers the red-team track.
- SecurityX vs CISSP? Different audiences. CISSP is broader, more management-oriented, and has a 5-year experience requirement plus endorsement. SecurityX is hands-on technical for working architects and engineers. Many security professionals hold both; the pairing signals "I can architect and I can manage."
- SecurityX vs CISSP-ISSAP? Closer comparison. ISSAP is the architecture concentration of CISSP and overlaps significantly with SecurityX Domain 2. SecurityX is broader (covers engineering and operations); ISSAP is deeper on architecture specifically.
- SecurityX as a job qualifier. SecurityX is on DoD 8140 baseline lists for security architect, control assessor, and several R&D roles. It is also recognised by enterprises like Target, General Dynamics, and Exxon Mobil for advanced security positions.
Common mistakes to avoid
- Studying CAS-004 material. It is a retired exam. Domain weights changed, and the content additions (AI, Zero Trust integration, IaC) are not in older material.
- Buying as your first CompTIA cert. SecurityX explicitly assumes the knowledge layered through Security+, CySA+/PenTest+, Cloud+, and Network+. Without that foundation, you are not the target audience and will fail.
- Treating it like Security+ at a higher level. SecurityX does not test recall or vocabulary. It tests applied judgement on multi-step scenarios. Memorising flashcards is the wrong study mode.
- Skipping the diagnostic. CertMaster Perform's diagnostic is the most valuable hour of your prep. Skipping it and starting "from the beginning" wastes the product's design advantage.
- Underestimating time pressure. 90 questions in 165 minutes sounds generous until you hit a 4-step scenario PBQ that takes 8 minutes. Practice at full timed pressure, not casual pace.
What to buy in what order
For most experienced candidates:
- CertMaster Perform — your spine. Diagnostic-led, comprehensive.
- SecurityX eBook — added as a reference text. Optional if Perform's content suffices.
- CertMaster Labs (standalone) — added if Perform diagnostics flag Engineering (Domain 3, 31%) as a gap requiring extra lab reps.
- Exam Voucher (Global + Retake recommended) — booked once Perform's timed assessment scores hold consistently in the high range.
Ready to start preparing? The straightforward path most candidates take is CertMaster Perform for SecurityX as the spine, the SecurityX eBook as the reference, and the Global + Retake voucher once Perform's timed assessment scores stabilise. Add standalone CertMaster Labs only if your engineering domain diagnostic suggests you need more reps.
FAQ
Is SecurityX harder than CASP+? Different exam, but most candidates report comparable difficulty with new content emphasis (AI, Zero Trust, IaC). The four-domain restructure makes the test feel more focused.
Is CASP+ still a valid certification? Yes — current CASP+ holders automatically receive the SecurityX badge and remain certified. CASP+ as a credential is no longer offered to new candidates because CAS-004 retired June 17, 2025.
How long is the voucher valid? Generally 12 months from purchase. Confirm on the product page.
Is SecurityX DoD-approved? Yes, on DoD 8140 baseline lists for several work roles including security architect and security control assessor. Verify the current 8140.03M list before relying on it for a specific role.
What if I fail? You can retake after 14 days. With the Global + Retake voucher you already paid for the second attempt; with the standard Global voucher you would need to purchase a new voucher.
Is SecurityX worth it for a working architect? Yes if your target roles or contracts list it explicitly (DoD work, federal contracting, certain enterprises). Less obviously worth it if your career path is purely commercial and you already hold CISSP — though many architects hold both as complementary credentials.
How does SecurityX renewal work? 75 CEUs over a 3-year cycle. Activities include training, conferences, work experience, publishing, and participating as a CompTIA SME.