SecurityX (CASP+): Complete Domains Guide [2025 Update]

About the SecurityX certification 

SecurityX is the ideal option for senior-level professionals who effectively lead and manage their organization's overall cybersecurity resilience against attacks while remaining fully immersed in all technical aspects of their profession. CompTIA states it is the "only hands-on, performance-based certification for advanced practitioners — not managers — at the advanced skill level of cybersecurity." 

This credential is accredited by ANSI and compliant with the ISO 17024 standard. It also meets the requirements for DoD directive 8140.03M; in fact, it is listed as a possible choice for IAT Level III, IAM Level II, and IASAE I and II. This means SecurityX is approved as one of the IA baseline certifications for the workforce. 

The SecurityX exam is internationally regarded as a validation of advanced-level cybersecurity skills and practical knowledge. It certifies that the successful candidate can stay current with new technology, assess cyber readiness, and design and implement appropriate solutions against the newest attacks. 

This vendor-neutral credential is aimed at professionals who have essential skills acquired through hands-on experience and working knowledge of implementing solutions with analytics tools. Credential holders must be familiar with analyzing risk impact and responding to security events within cybersecurity policies and frameworks. 

SecurityX exam details 

• Number of questions: Maximum of 90 questions. 
• Type of questions: Multiple-choice and performance-based.
• Length of test: 165 minutes.
• Passing score: Pass/fail only. No scaled score.
• Recommended experience: Minimum of 10 years of general, hands-on IT experience that includes at least 5 years of broad, hands-on IT security experience. 

Note: The new SecurityX (CAS-005) exam launched in December 2024. The old version (CAS-004) will no longer be available after June 17, 2025. 

What's new in SecurityX? 

Patrick Lane, Director of Products at CompTIA, explains that SecurityX, which replaces CASP+, is part of CompTIA's new expert-level certification series that emphasizes the fact that CompTIA offers advanced certifications beyond their early-career options. 

The SecurityX Certification Exam Objectives (CAS-005) will certify if candidates have the knowledge and skills required to: 

• Architect, engineer, integrate and implement secure solutions across complex environments to support a resilient enterprise 

• Use automation, monitoring, detection and incident response to support ongoing security operations in an enterprise environment proactively 

• Apply security practices to cloud, on-premises and hybrid environments 

• Consider cryptographic technologies and techniques, as well as the impact of emerging trends (e.g., artificial intelligence) on information security 

• Use the appropriate governance, compliance, risk management and threat-modeling strategies throughout the enterprise 

The CAS-005 exam is organized into four domains, a change from the previous structure of the CASP+ exam: 

SecurityX vs. other Certifications 

SecurityX is unique in the certification landscape as it focuses specifically on technical skills for security architects and engineers, not managers. While certifications like CISSP and CISM tend to focus more on managerial roles within cybersecurity, SecurityX is designed for professionals who want to stay hands-on at an advanced level in their technical roles. 

Key differentiators of SecurityX: 

• Hands-on focus: SecurityX is the only hands-on, performance-based certification for advanced practitioners at the advanced skill level of cybersecurity. 

• Dual coverage: Unlike other certifications, SecurityX covers both security architecture and engineering. 

• Current and relevant: SecurityX covers the most up-to-date technical skills in on-premises, cloud-native and hybrid environments, governance, risk and compliance skills. 

• Recognized standards: SecurityX is compliant with ISO/ANSI 17024 standards and maps to DCWF work roles used by U.S. DoD Directive 8140.03M. 

Average salary for SecurityX professionals 

SecurityX certification holders typically work in senior roles with competitive compensation. According to recent industry data: 

• Payscale security architect: $143,535 base 

• Glassdoor security architect: $163,685 base 

• Salary.com security architect: $134,560 base 

Additional compensation typically includes approximately $15,465 for Payscale, $5,084 for Salary.com, and $68,704 for Glassdoor positions. The combined total average compensation for Security Architects (a primary role for the SecurityX cert) is $177,011. 

SecurityX exam domains: The areas measured by this examination 

SecurityX (CAS-005) consists of four comprehensive domains covering different aspects of advanced cybersecurity. This is a significant shift from the previous CAS-004 exam structure. The new structure emphasizes governance and compliance at the beginning of the certification, acknowledging that security architecture decisions must align with organizational governance requirements and compliance frameworks. 

Governance, Risk and Compliance (20%) focuses on implementing appropriate governance components and performing risk management activities. It covers security program documentation, risk assessment frameworks, compliance strategies, threat modeling and the security challenges associated with AI adoption. This domain ensures that security professionals can establish effective security policies while maintaining regulatory compliance. 

Security Architecture (27%) emphasizes designing resilient systems and implementing security throughout the system lifecycle. The domain covers security requirements, secure development practices, access controls, cloud security capabilities and Zero Trust concepts. Security architects must demonstrate their ability to design comprehensive security architectures that can withstand sophisticated attacks. 

Security Engineering (31%) – the largest domain – deals with the practical implementation and troubleshooting of security technologies. It includes identity and access management, endpoint security, network infrastructure, hardware security, specialized systems, automation and cryptography. This domain tests the candidate's ability to engineer and deploy security solutions across complex environments. 

Security Operations (22%) covers monitoring, detection and response activities. It includes data analysis, vulnerability management, threat intelligence and incident response. Security professionals must demonstrate their ability to proactively support ongoing security operations, detect threats and respond effectively to security incidents. 

SecurityX exam qualifications: What candidates must meet to be eligible 

Let's take a look at what qualifications are needed to be eligible to sit for the SecurityX exam: 

• A minimum of 10 years of general hands-on IT experience, with at least 5 of those years being broad hands-on IT security experience 

• Recommended prerequisites: Network+, Security+, CySA+, Cloud+ and PenTest+ or equivalent knowledge 

While these prerequisites are not mandatory, they provide a solid foundation for the advanced topics covered in the SecurityX certification. The certification is designed for professionals with extensive IT security experience and looking to validate their expertise at an advanced level. 

How to prepare for the SecurityX test 

Passing the SecurityX exam requires thorough preparation, as this is an expert-level exam that covers a wide range of advanced cybersecurity concepts. Here are some recommended preparation strategies: 

Study resources 

• Official CompTIA SecurityX study materials 

• Third-party training providers offering boot camp-style courses like Infosec's CompTIA SecurityX Boot Camp 

• Practice exams to familiarize yourself with the question format and exam environment 

• Hands-on labs to gain practical experience with security tools and techniques 

Exam format and scheduling 

Online testing is available through Pearson VUE, which provides a secure and convenient way to complete exams. Once ready, candidates can register for and schedule their test on the Pearson VUE website. Note that canceling or rescheduling an exam less than 24 hours before the appointment is subject to a same-day forfeit exam fee. 

Continuing education 

CompTIA's Continuing Education (CE) program allows you to extend your certification in three-year intervals through activities and training related to your certification's content. To renew your SecurityX certification, collect at least 75 Continuing Education Units (CEUs) in three years and upload them to your certification account. 

Career opportunities with SecurityX 

Becoming SecurityX certified can provide a means to demonstrate competencies in all technical aspects of an organization's IT security planning and cyber readiness. It also offers a positive outlook for job prospects with competitive salaries from organizations eager to hire certified individuals with mastery-level skills. 

SecurityX certification prepares professionals for various high-level security roles, including: 

• Security Architect 

• Senior Security Engineer 

• Cybersecurity Architect 

• Security Analyst 

• Security Operations Center (SOC) Manager 

• Security Consultant 

These positions typically command salaries well above the industry average, reflecting the advanced skills and expertise required for these roles. 

Domain 1: Governance, Risk and Compliance (20%) 

This domain focuses on implementing governance frameworks, managing risk and ensuring compliance with regulations and standards. It has been expanded and moved to the beginning of the SecurityX certification to emphasize that effective security architecture begins with strong governance and compliance frameworks. 

Security architects and engineers must understand that all technical security decisions should support business objectives and comply with relevant regulations. Without proper governance, even the most sophisticated technical security controls may fail to protect the organization from legal, regulatory and reputational risks. 

1.1 Given a set of organizational security requirements, implement the appropriate governance components 

In this section, candidates must demonstrate their ability to establish and maintain security governance structures, including: 

• Creating comprehensive security program documentation such as policies, procedures, standards and guidelines 

• Managing security programs through training, communication and reporting 

• Implementing governance frameworks like COBIT and ITIL 

• Establishing change and configuration management processes 

• Utilizing GRC tools for mapping, automation and compliance tracking 

• Managing data governance across various environments (production, development, testing) 

1.2 Given a set of organizational security requirements, perform risk management activities 

This objective covers the systematic assessment and management of security risks: 

• Conducting impact analysis using extreme but plausible scenarios 

• Performing quantitative and qualitative risk assessments 

• Managing third-party risks throughout the supply chain 

• Addressing availability risks through business continuity and disaster recovery planning 

• Implementing measures for confidentiality, integrity and privacy risks 

• Developing crisis management and breach response procedures 

1.3 Explain how compliance affects information security strategies 

This section focuses on understanding and implementing compliance requirements: 

• Industry-specific compliance requirements for healthcare, financial and government sectors 

• Implementing standards such as PCI DSS, ISO/IEC 27000, and similar frameworks 

• Using security and reporting frameworks such as NIST CSF and SOC 2 

• Understanding the differences between audits, assessments and certifications 

• Complying with privacy regulations like GDPR, CCPA and LGPD 

• Managing cross-jurisdictional compliance requirements 

1.4 Given a scenario, perform threat-modeling activities 

This objective focuses on identifying and analyzing potential threats: 

• Analyzing threat actor characteristics, motivations and capabilities 

• Applying threat frameworks such as MITRE ATT&CK and Cyber Kill Chain 

• Determining attack surfaces through architecture reviews and data flow analysis 

• Using various threat modeling methods such as attack trees and abuse cases 

• Applying threat models to existing and new systems 

1.5 Summarize the information security challenges associated with artificial intelligence (AI) adoption 

This new section addresses emerging challenges with AI technology: 

• Addressing legal and privacy implications of AI 

• Protecting AI models from threats like prompt injection and training data poisoning 

• Defending against AI-enabled attacks such as deepfakes 

• Managing risks associated with AI usage, including sensitive information disclosure 

• Securing AI-enabled assistants and digital workers through access controls and guardrails 

The Governance, Risk and Compliance domain sets the foundation for all security architecture and engineering activities. Security professionals who excel in this domain understand that effective security is not just about implementing technical controls, but also about ensuring those controls align with business objectives, support risk management goals, and comply with regulatory requirements. 

As organizations face increasing regulatory scrutiny and more complex compliance landscapes, the ability to navigate governance and compliance issues has become a critical skill for senior security professionals. This domain tests a candidate's ability to bridge the gap between business requirements and technical security implementations — a key differentiator of the SecurityX certification compared to more technically-focused or management-focused certifications. 

Domain 2: Security Architecture (27%) 

The Security Architecture domain is at the core of the SecurityX certification, representing 27% of the exam. This domain focuses on designing and implementing security systems and controls that align with organizational requirements while maintaining resilience against evolving threats. 

Security architecture has evolved beyond traditional network security to encompass cloud environments, zero-trust principles and secure development practices. Modern security architects must balance security requirements with business needs, ensuring that security is integrated throughout the system lifecycle rather than bolted on afterward. This domain evaluates a candidate's ability to design comprehensive security architectures that provide in-depth defense while supporting business operations. 

2.1 Given a scenario, analyze requirements to design resilient systems 

This objective requires candidates to evaluate organizational needs and design systems that can withstand attacks while maintaining availability: 

• Determining optimal placement and configuration of security components like firewalls, IPS/IDS and WAFs 

• Designing for availability and integrity through proper load balancing and redundancy 

• Implementing recoverability options and considering geographical distribution 

• Addressing interoperability requirements between different systems 

• Designing systems that can scale both vertically and horizontally as needed 

2.2 Given a scenario, implement security in the early stages of the systems life cycle and throughout subsequent stages 

Security must be built in from the beginning rather than added later. This section covers: 

• Defining comprehensive security requirements alongside functional requirements 

• Implementing software assurance through testing methodologies like SAST, DAST and IAST 

• Integrating security into CI/CD pipelines with code standards and branch protection 

• Managing supply chain risks for both software and hardware components 

• Planning for hardware assurance and end-of-life considerations 

2.3 Given a scenario, integrate appropriate controls in the design of a secure architecture 

This objective focuses on practical security controls within architecture design: 

• Managing and reducing attack surfaces through vulnerability management and hardening 

• Implementing detection capabilities through centralized logging and monitoring 

• Designing appropriate data classification models and security controls 

• Deploying DLP solutions for data at rest and in transit 

• Integrating security controls into hybrid infrastructures and third-party systems 

• Measuring control effectiveness through assessments and metrics 

2.4 Given a scenario, apply security concepts to the design of access, authentication, and authorization systems 

This section addresses identity and access management architecture: 

• Designing provisioning and deprovisioning workflows for identity lifecycle management 

• Implementing federation and SSO solutions for enterprise environments 

• Applying appropriate access control models (role-based, attribute-based, etc.) 

• Designing PKI architectures with appropriate certificate types and validation mechanisms 

• Integrating physical and logical access control systems 

2.5 Given a scenario, securely implement cloud capabilities in an enterprise environment 

Cloud security has become a critical concern in modern architectures: 

• Deploying CASB solutions to manage cloud service usage 

• Detecting and managing shadow IT within the organization 

• Understanding and implementing the shared responsibility model 

• Securing container environments and orchestration systems 

• Implementing API security through proper authorization and rate-limiting 

• Addressing cloud data security considerations, including data exposure and leakage 

2.6 Given a scenario, integrate Zero Trust concepts into system architecture design 

Zero Trust has emerged as a key architectural approach: 

• Implementing continuous authorization and context-based reauthentication 

• Designing network architectures with proper segmentation and microsegmentation 

• Managing asset identification, attestation and authorization 

• Establishing appropriate security boundaries and perimeters 

• Implementing deperimeterization technologies like SASE and SD-WAN 

Security Architecture represents the strategic design phase of enterprise security. The skills tested in this domain enable security professionals to create comprehensive security designs that balance protection with usability, cost and performance. As organizations face increasingly sophisticated threats and adopt complex hybrid and multi-cloud environments, the ability to design cohesive security architectures has never been more important. 

The repositioning of this domain in the CAS-005 exam reflects CompTIA's recognition that security architecture decisions must be informed by governance and compliance requirements and, in turn, inform security's engineering and operational aspects. A well-designed security architecture enables efficient security engineering and effective security operations, creating a foundation for the organization's overall security posture. 

Domain 3: Security Engineering (31%) 

The Security Engineering domain constitutes the largest portion of the SecurityX exam at 31%, underscoring its critical importance in implementing and maintaining enterprise security. This domain bridges the gap between security architecture and security operations, focusing on the practical implementation, configuration and troubleshooting of security technologies. 

Security engineering has evolved beyond simple firewall rules and antivirus software to encompass complex identity systems, endpoint protection platforms, cryptographic implementations and specialized security hardware. Modern security engineers must possess a deep understanding of diverse technologies while maintaining the ability to automate security processes at scale. This domain evaluates a candidate's ability to translate security designs into functional implementations that protect enterprise assets against sophisticated threats. 

3.1 Given a scenario, troubleshoot common issues with identity and access management (IAM) components in an enterprise environment 

IAM implementation often presents complex challenges that security engineers must address: 

• Managing subject access control for users, processes, devices and services 

• Implementing and troubleshooting biometric authentication systems 

• Securing management of tokens, certificates, passwords and encryption keys 

• Configuring conditional access based on location, time and device characteristics 

• Implementing attestation mechanisms for device trust 

• Setting up cloud IAM access and trust policies 

• Configuring various authentication and authorization protocols like SAML, OAuth, and MFA 

3.2 Given a scenario, analyze requirements to enhance the security of endpoints and servers 

Endpoints and servers represent critical security boundaries that require robust protections: 

• Implementing application control and endpoint detection and response (EDR) 

• Configuring event logging and monitoring for security visibility 

• Deploying endpoint privilege management to limit attack surfaces 

• Setting up host-based security tools, including HIPS/HIDS and firewalls 

• Implementing browser isolation to prevent web-based attacks 

• Configuring MDM technologies for mobile device security 

• Defending against common threat actor tactics like injections and lateral movement 

3.3 Given a scenario, troubleshoot complex network infrastructure security issues 

Network security requires an in-depth understanding of potential misconfigurations and security challenges: 

• Resolving network misconfigurations, including routing errors and VPN issues 

• Troubleshooting IPS/IDS deployments, including rule configurations and placement 

• Implementing DNS security through DNSSEC and protection against poisoning 

• Configuring email security with DKIM, SPF, and DMARC 

• Resolving TLS errors and cipher mismatches 

• Addressing PKI and cryptographic implementation issues 

• Mitigating DoS/DDoS attacks and resource exhaustion scenarios 

3.4 Given a scenario, implement hardware security technologies and techniques 

Hardware security forms the foundation of a trusted computing environment: 

• Configuring roots of trust, including TPM, HSM, and vTPM 

• Implementing security coprocessors and CPU security extensions 

• Setting up host-based encryption and self-encrypting drives 

• Configuring Secure Boot and measured boot processes 

• Implementing tamper detection and countermeasures 

• Defending against hardware-based attacks, including firmware tampering 

3.5 Given a set of requirements, secure specialized and legacy systems against threats 

Many enterprise environments include specialized or legacy systems with unique security challenges: 

• Securing operational technology (OT), including SCADA and ICS 

• Implementing IoT security best practices 

• Protecting embedded systems and SoC implementations 

• Securing wireless technologies and RF communications 

• Implementing segmentation, monitoring and hardening for specialized systems 

• Addressing industry-specific challenges in utilities, healthcare, manufacturing, etc. 

• Managing systems that are obsolete, unsupported or highly constrained 

3.6 Given a scenario, use automation to secure the enterprise 

Automation has become essential for managing security at scale: 

• Leveraging scripting languages like PowerShell, Bash, and Python for security tasks 

• Implementing event-based triggers and scheduled security tasks 

• Using Infrastructure as Code (IaC) for consistent security configurations 

• Utilizing AI-powered tools for code assistance and documentation 

• Automating security processes with SOAR platforms and playbooks 

• Implementing automated vulnerability scanning with tools like SCAP 

3.7 Explain the importance of advanced cryptographic concepts 

Modern security requires a deep understanding of cryptography: 

• Understanding post-quantum cryptography and its importance 

• Implementing key stretching and key splitting for enhanced security 

• Applying homomorphic encryption for specific use cases 

• Implementing forward secrecy in communications protocols 

• Using hardware acceleration for cryptographic operations 

• Implementing envelope encryption for layered security 

3.8 Given a scenario, apply the appropriate cryptographic use case and/or technique 

This objective focuses on practical cryptography applications: 

• Selecting appropriate cryptographic techniques for data at rest, in transit and in use 

• Implementing secure email through appropriate protocols 

• Using cryptography for non-repudiation and privacy 

• Applying appropriate cryptographic techniques, including tokenization, hashing and digital signatures 

• Selecting between symmetric and asymmetric cryptography based on requirements 

• Implementing lightweight cryptography for constrained environments 

Security Engineering represents the crucial implementation phase of enterprise security. The breadth and depth of this domain reflects the complex technical skills that senior security professionals must possess to secure modern enterprise environments. Unlike security management certifications, SecurityX places significant emphasis on hands-on implementation skills, differentiating it as a certification for technical security leaders. 

Security engineers must continuously adapt their skills and approaches as threats evolve and technology landscapes change. The emphasis on automation, cryptography and specialized systems security in this domain demonstrates CompTIA's recognition of the changing nature of security engineering work. Professionals who excel in this domain can effectively implement complex security solutions across diverse environments, translating security requirements into functional protections that safeguard enterprise assets. 

Domain 4: Security Operations (22%) 

The Security Operations domain, comprising 22% of the SecurityX exam, focuses on the day-to-day activities and processes needed to maintain security, detect threats and respond to incidents. This domain represents the ongoing effort required to protect an organization after security architectures have been designed and security technologies have been implemented. 

Modern security operations have evolved beyond simple monitoring to include proactive threat hunting, advanced data analytics and sophisticated incident response capabilities. Today's security operations centers (SOCs) must process massive volumes of data from diverse sources, identify subtle indicators of compromise, and respond to incidents with surgical precision. This domain evaluates a candidate's ability to leverage data and intelligence to maintain an organization's security posture and respond effectively when that posture is breached. 

4.1 Given a scenario, analyze data to enable monitoring and response activities 

Effective security operations rely on data analysis and monitoring: 

• Configuring and troubleshooting SIEM systems for event parsing, normalization, and correlation 

• Performing aggregate data analysis to identify patterns and trends 

• Establishing behavior baselines for networks, systems, users and applications 

• Incorporating diverse data sources, including threat intelligence, vulnerability scans and logs 

• Implementing effective alerting with proper prioritization and false positive management 

• Creating meaningful security reports and metrics for stakeholders 

4.2 Given a scenario, analyze vulnerabilities and attacks, and recommend solutions to reduce the attack surface 

This objective focuses on the identification and mitigation of vulnerabilities: 

• Analyzing common vulnerabilities like injection flaws, XSS and insecure configurations 

• Recommending appropriate mitigations, including input validation and secure coding practices 

• Implementing secure development patterns and memory-safe functions 

• Applying the principle of least privilege and defense-in-depth 

• Managing dependencies and implementing code signing 

• Using encryption and proper secrets management 

4.3 Given a scenario, apply threat-hunting and threat intelligence concepts 

Proactive threat hunting has become essential for advanced security operations: 

• Leveraging internal intelligence sources like honeypots and UBA 

• Utilizing external intelligence, including OSINT and ISACs 

• Implementing counterintelligence and operational security measures 

• Using threat intelligence platforms (TIPs) for centralized management 

• Sharing IoCs using standards like STIX and TAXII 

• Implementing detection rules with languages like YARA and Sigma 

• Identifying indicators of attack and adversary TTPs 

4.4 Given a scenario, analyze data and artifacts in support of incident response activities 

This objective covers the technical aspects of incident investigation: 

• Performing malware analysis through detonation and IoC extraction 

• Conducting reverse engineering of suspicious code 

• Analyzing volatile and non-volatile storage for evidence 

• Performing network analysis and host-based forensics 

• Extracting and analyzing metadata from various file types 

• Conducting hardware analysis when necessary 

• Performing timeline reconstruction and root cause analysis 

Security Operations represents the ongoing vigilance required to maintain enterprise security. While architecture and engineering establish the security foundation, operations provide the continuous monitoring and response capabilities needed to detect and address threats that bypass preventive controls. This domain emphasizes that security is not a "set it and forget it" proposition but requires constant attention and adaptation. 

The increased emphasis on proactive activities like threat hunting and the use of threat intelligence in this domain reflects the industry's shift from purely reactive security to more anticipatory approaches. Security professionals who excel in this domain understand that effective security operations require a combination of advanced tools, well-defined processes, and skilled personnel who can interpret complex data and respond appropriately to diverse threats. 

As threat landscapes evolve and attack methodologies become more sophisticated, the importance of effective security operations continues to grow. The SecurityX certification recognizes this reality by testing candidates' ability to leverage data, intelligence and forensic techniques to protect organizational assets, even in the face of determined adversaries and advanced persistent threats. 

Conclusion: Understanding and Preparing for SecurityX 

The SecurityX certification (formerly CASP+) represents CompTIA's most advanced cybersecurity credential, designed for security architects and senior security engineers who need to validate their expertise in designing, implementing and maintaining enterprise security solutions. 

With its four comprehensive domains — Governance, Risk and Compliance; Security Architecture; Security Engineering; and Security Operations — SecurityX tests a candidate's ability to architect, engineer, integrate and implement secure solutions across complex environments while supporting a resilient enterprise. 

The certification stands out from other advanced security certifications by focusing on hands-on technical skills rather than purely management concepts. This makes SecurityX particularly valuable for security professionals who want to remain technically proficient while advancing to senior roles. 

Ready to learn more about SecurityX? 

Watch our exclusive webinar: SecurityX is here (CASP+ is no more) 

In this comprehensive webinar, Patrick Lane, Director of Products at CompTIA, explains the reasons behind the rebranding from CASP+ to SecurityX, details the changes in the new exam and provides valuable insights into how this certification fits into the cybersecurity career pathway. 

Additional resources to support your SecurityX journey: 

• Download our Cybersecurity Salary Guide: Discover the competitive salaries for SecurityX-certified professionals and other popular certifications. 

• Get our Cybersecurity Certifications and Skills Roadmap: This comprehensive ebook covers the most valuable certifications in the industry, including SecurityX. 

• Explore our SecurityX Boot Camp: Prepare for the SecurityX certification with our comprehensive boot camp, designed to help you master all four domains and pass the exam on your first attempt.