2018 CASP+ Exam Changes
Advanced security professionals rejoice, the new CASP+ exam, CAS-003, is here! Available beginning on April 2, 2018; the new CASP+ exam is focused on the most current knowledge and skills required of advanced security professionals.
CASP+ Certification Overview
CompTIA’s CASP+ certification is a unique advanced-level certification in that it is geared towards professionals who want to continue in a hands-on security practitioner role versus a managerial role. Security managers are primarily responsible for identifying policies and frameworks that may need to be implemented, CASP+ professionals decide the best course to apply and execute the policies and/or frameworks.
The certification is for professionals in the following, or similar, roles:
- Information Systems Security Engineers
- Security Consultants
- Network Security Engineers
- Security Architects
- Technical Analysts
- And more!
CASP+ Exam Overview
Similar to previous CASP+ exams (CAS-001 and CAS-002), the newest exam, CAS-003, follows a similar format. The exam is pass or fail with no scaled score and contains no more than 90 multiple-choice/performance-based questions. The exam is administered through Pearson VUE and candidates will have 2 hours and 35 minutes to complete the exam. Applicants for the CASP+ certification are recommended to have at least 10 years of experience in IT administration, with at least five of those years in a hands-on technical security role. If a candidate does not meet the recommended years of experience, it may be difficult to earn the certification unless they have taken a CASP+ training course.
New CASP+ Exam, CAS-003
The newest version of the CASP+ exam ensures that security practitioners will be prepared with the knowledge and skills to defend their organization from ever-evolving cyber threats. The changes to the exam will be seen in the following areas:
- Domains and percentage of exam
- Emphasis on evaluating risk
- Expansion of security control topics
- Greater coverage of cloud and virtualization technologies
- Incorporation of cryptographic techniques
A detailed description of each change can be found on the CompTIA news page here.
A quick comparison of the new domains and percentages reflects the aforementioned items. See the side-by-side comparison below.
- Risk Management – 19%
- Enterprise Security Architecture – 25%
- Enterprise Security Operations – 20%
- Technical Integration of Enterprise Security – 23%
- Research, Development, and Collaboration – 13%
- Enterprise Security – 30%
- Risk Management and Incident Response – 20%
- Research and Analysis – 18%
- Integration of Computing, Communication, and Business Disciplines – 16%
- Technical Integration of Enterprise Components – 16%
While the new exam was released at the beginning of April 2018, it will not be retired until October 2, 2018. This means qualified candidates can take either exam for the time being. CASP+ certified individuals, no matter what exam they took to receive their credentials will still need to complete 75 CEUs to renew their CASP+ certification.
Renewing the CASP+ credential is necessary to remain certified. The credential holder must earn a minimum of 75 Continuing Education Units (CEUs) over a period of three years after they have passed the CASP+ exam. CEUs can be earned in a variety of ways, through a single activity or multiple activities.
Single activities accepted for renewal consideration by CompTIA include:
- Passing the latest version of an exam
- Earning a non-CompTIA Certification
Multiple activities accepted for CEU consideration by CompTIA include:
- Earning CompTIA certifications
- Attending training or higher education courses
- Participating in conferences or training
- Publishing blog posts, whitepapers, or writing a book
- Work experience