The CompTIA Advanced Security Practitioner (CASP) certification designates IT professionals with advanced-level security skills and knowledge.

An update to the CASP certification exam launched January 20, 2015 (CAS-002). The old exam (CAS-001) will retire on June 20, 2015.

  • Approved by U.S. Dept. of Defense to meet IA technical and management certification requirements
  • Chosen by Dell and HP advanced security personnel
  • Globally recognized CompTIA name
  • Vendor-neutral
Certification Information

The CASP exam covers the technical knowledge and skills required to conceptualize, design, and engineer secure solutions across complex enterprise environments. It involves applying critical thinking and judgment across a broad spectrum of security disciplines to propose and implement solutions that map to enterprise drivers, while managing risk.

While there is no required prerequisite, the CASP certification is intended to follow CompTIA Security+ or equivalent experience and has a technical, hands-on focus at the enterprise level.

CompTIA is ANSI accredited Certifier - 0731. The CASP program is included in the scope of this accreditation. The CASP certification may be kept current through the CompTIA Continuing Education program.

Lesson 1: Managing Risk

  • Topic A: Identify the Importance of Risk Management
  • Topic B: Assess Risk
  • Topic C: Mitigate Risk
  • Topic D: Integrate Documentation into Risk Management

Lesson 2: Integrating Computing, Communications, and Business Disciplines

  • Topic A: Facilitate Collaboration Across Business Units
  • Topic B: Secure Communications and Collaboration Solutions
  • Topic C: Implement Security Activities Throughout the Technology Life Cycle

Lesson 3: Using Research and Analysis to Secure the Enterprise

  • Topic A: Determine Industry Trends and Effects on the Enterprise
  • Topic B: Analyze Scenarios to Secure the Enterprise

Lesson 4: Integrating Advanced Authentication and Authorization Techniques

  • Topic A: Implement Authentication and Authorization Technologies
  • Topic B: Implement Advanced Identity Management

Lesson 5: Implementing Cryptographic Techniques

  • Topic A: Describe Cryptographic Concepts
  • Topic B: Choose Cryptographic Techniques
  • Topic C: Choose Cryptographic Implementations

Lesson 6: Implementing Security Controls for Hosts

  • Topic A: Select Host Hardware and Software
  • Topic B: Harden Hosts
  • Topic C: Virtualize Servers and Desktops
  • Topic D: Implement Cloud Augmented Security Services
  • Topic E: Protect Boot Loaders

Lesson 7: Implementing Security Controls for Enterprise Storage

  • Topic A: Identify Storage Types and Protocols
  • Topic B: Implement Secure Storage Controls

Lesson 8: Analyzing and Implementing Network Security

  • Topic A: Analyze Network Security Components and Devices
  • Topic B: Analyze Network-Enabled Devices
  • Topic C: Analyze Advanced Network Design
  • Topic D: Configure Controls for Network Security

Lesson 9: Implementing Security Controls for Applications

  • Topic A: Identify General Application Vulnerabilities
  • Topic B: Identify Web Application Vulnerabilities
  • Topic C: Implement Application Security Controls

Lesson 10: Integrating Hosts, Storage, Networks, and Applications in a Secure Enterprise Architecture

  • Topic A: Implement Security Standards in the Enterprise
  • Topic B: Select Technical Deployment Models
  • Topic C: Secure the Design of the Enterprise Infrastructure
  • Topic D: Secure Enterprise Application Integration Enablers

Lesson 11: Conducting Vulnerability Assessments

  • Topic A: Select Vulnerability Assessment Methods
  • Topic B: Select Vulnerability Assessment Tools

Lesson 12: Responding to and Recovering from Incidents

  • Topic A: Design Systems to Facilitate Incident Response
  • Topic B: Conduct Incident and Emergency Responses
  • Appendix A: Mapping Course Content to CompTIA Advanced Security Practitioner (CASP) Exam CAS-002
Exam Code CAS-002  
Number of Questions 80 (Maximum)
Type of questions Multiple choice and performance-based
Length of Test 165 minutes
Passing score Pass/Fail only. No scaled score.
Recommended experience 10 years experience in IT administration, including at least 5 years of hands-on technical security experience
Languages English
Retirement The old exam CAS-001 will retire on June 20, 2015

10 years experience in IT administration, including at least 5 years of hands-on technical security experience



  •   91-95007 10004


  •  91-95432 18687