The CompTIA Security+ Certification is a vendor neutral credential. The CompTIA Security+ exam is an internationally recognized validation of foundation-level security skills and knowledge, and is used by organizations and security professionals around the globe.

The CompTIA Security+ exam will certify that the successful candidate has the knowledge and skills required to identify risk and participate in risk mitigation activities, provide infrastructure, application, operational and information security, apply security controls to maintain confidentiality, integrity and availability, identify appropriate technologies and products, and operate with an awareness of applicable policies, laws and regulations.

The CompTIA Security+ Certification is aimed at an IT security professional who has:

  • A minimum of 2 years experience in IT administration with a focus on security
  • Day to day technical information security experience
  • Broad knowledge of security concerns and implementation including the topics in the domain list below

CompTIA Security+ is ISO 17024 Accredited (Personnel Certification Accreditation) and, as such, undergoes regular reviews and updates to the exam objectives. The following CompTIA Security+ objectives reflect the subject areas in this edition of this exam, and result from subject matter expert workshops and industry-wide survey results regarding the skills and knowledge required of an information security professional with two years of experience.

This examination blueprint includes domain weighting, test objectives, and example content. Example topics and concepts are included to clarify the test objectives and should not be construed as a comprehensive listing of all the content of this examination.

The table below lists the domain areas measured by this examination and the approximate extent to which they are represented in the examination:
Domain % of Examination
1.0 Network Security 21%
2.0 Compliance and Operational Security 18%
3.0 Threats and Vulnerabilities 21%
4.0 Application, Data and Host Security 16%
5.0 Access Control and Identity Management 13%
6.0 Cryptography 11%
Total 100%

**Note: The lists of examples provided in bulleted format below each objective are not exhaustive lists. Other examples of technologies, processes or tasks pertaining to each objective may also be included on the exam although not listed or covered in this objectives document.