Navy COOL Snapshot - CompTIA Security+

CompTIA Security+

Renewal Period: 3 years

The Computing Technology Industry Association (CompTIA), Security+ is an entry-level, vendor-neutral certification for IT professionals. The Security+ validates the baseline skills needed to perform core security functions, incorporating best practices in hands-on troubleshooting and problem-solving skills. Candidates demonstrate the ability to evaluate and implement security solutions for an enterprise environment, monitor and secure hybrid environments, understand laws and policies, and identify, analyze, and respond to security events and incidents. Candidates should meet experience recommendations and must pass a written exam.

More information can be found on the certifying agency's website.

CompTIA Security+

The following Navy Occupations provide training and/or experience that contributes to attaining this credential:

Personnel Category	Occupation	Occupation Type	Related As	Navy$	LaDR
Enlisted	CTI-Cryptologic Technician Interpretive	Rating	Other
Enlisted	CTN-Cryptologic Technician Networks	Rating	Some	Navy Bucks	E4 Pay Grade
Enlisted	CTR-Cryptologic Technician Collection	Rating	Other
Enlisted	CTT-Cryptologic Technician Technical	Rating	Other
Enlisted	ET-Electronics Technician	Rating	Some	Navy Bucks	E7 Pay Grade
Enlisted	ETV-Electronics Technician, Submarine, Navigation	Rating	Other
Enlisted	FCA-Fire Controlman (AEGIS)	Rating	Some	Navy Bucks	E4 Pay Grade
Enlisted	HM - Biomedical Equipment Technician	Role	Some	Navy Bucks	E5 Pay Grade
Enlisted	HM-Hospital Corpsman	Rating	Some	Navy Bucks	E5 Pay Grade
Enlisted	IS-Intelligence Specialist	Rating	Other
Enlisted	IT-Information Systems Technician	Rating	Most	Navy Bucks	E4 Pay Grade
Enlisted	ITS-Information Systems Technician Submarines	Rating	Most	Navy Bucks	E4 Pay Grade
Enlisted/Officer	Cyber IT/CSWF Customer Service and Technical Support	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Cyber Defense Infrastructure Support	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Cyber Operations Planning	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Data Administration	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Digital Forensics	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Education and Training	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Incident Response	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Info System Security Management	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Investigation	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Knowledge Management	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Network Services	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Risk Management	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Strategic Planning and Policy Development	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF System Administration	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Systems Analysis	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Technology Research and Development	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Test and Evaluation	Out of Rate/Designator Assignment	Some	Navy Bucks
Enlisted	TSCE - Total Shipboard Computing Environment	Out of Rate Assignment	Most	Navy Bucks
Enlisted/Officer	Cyber IT/CSWF Vulnerability Assessment and Management	Out of Rate/Designator Assignment	Some	Navy Bucks
Officer	181X - Cryptologic Warfare Officer	Designator	Other
Officer	182X - Information Professional	Designator	Most	Navy Bucks
Officer	183X - Intelligence Officer	Designator	Other
Officer	184X - Cyber Warfare Engineer	Designator	Other
Officer	510X - Civil Engineering Officer	Designator	Some	Navy Bucks
Officer	629X - Communications Specialty (Submarine) LDO	Designator	Some	Navy Bucks
Officer	681X - Cryptologic Warfare LDO	Designator	Other
Officer	682X - Information Professional LDO	Designator	Most	Navy Bucks
Officer	683X - Intelligence Officer LDO	Designator	Other
Officer	781X - Cryptologic Warfare Technician CWO	Designator	Other
Officer	782X - Information Systems Technician CWO	Designator	Most	Navy Bucks
Officer	783X - Intelligence Technician CWO	Designator	Other
Officer	784X - Cyber Warrant Officer CWO	Designator	Other

The following civilian occupations are related to this credential:

	Civilian Job	Job Family	Bright Outlook	Registered Apprenticeship	Local Salary Info
	Information Security Analysts	Computer and Mathematical	Bright Outlook		find local salary

MINIMUM REQUIREMENTS

Attainability:

Eligibility Requirements (View Details)

Credential Prerequisite
Experience: 2 years recommended
Education
Training
Membership
Other
Fee

Note: This credential may have multiple options for a Service member to meet eligibility requirements. Requirements listed here are based on the minimum degree required. To view other options, see the Eligibility tab.

Exam Requirements (View Details)

Exam
Written Exam
Oral Exam
Practical Exam
Performance Assessment

Exam Administration (View Details)

In-person exam
Remote proctored on-line exam
Third-party test vendor

RECERTIFICATION SUMMARY

Renewal Period: 3 years

Continuing Education
Exam
Continuing Education OR Exam
Fee
Other

AGENCY CONTACT INFORMATION

Computing Technology Industry Association (CompTIA)

3500 Lacey Road
Suite 100
Downers Grove, IL 60515

Phone: 866.835.8020

Fax: 630.678.8384
Contact Page

Military Specific REQUIREMENTS

Security+ is compliant with ISO 17024 standards and approved by the US DoD to meet directive 8140/8570.01-M requirements. Regulators and government rely on ANSI accreditation because it provides confidence and trust in the outputs of an accredited program. Over 2.3 million CompTIA ISO/ANSI-accredited exams have been delivered since January 1, 2011.

Show Written Exam Requirements / Hide Written Exam Requirements

Written Exam SY0-501 (retiring 7/31/2021)

1.0 Threats, Attacks and Vulnerabilities (21%)
- 1.1 Given a scenario, analyze indicators of compromise and determine the type of malware.
- 1.2 Compare and contrast types of attacks.
- 1.3 Explain threat actor types and attributes.
- 1.4 Explain penetration testing concepts.
- 1.5 Explain vulnerability scanning concepts.
- 1.6 Explain the impact associated with types of vulnerabilities.
2.0 Technologies and Tools (22%)
- 2.1 Install and configure network components, both hardware and software-based, to support organizational security.
- 2.2 Given a scenario, use appropriate software tools to assess the security posture of an organization.
- 2.3 Given a scenario, troubleshoot common security issues.
- 2.4 Given a scenario, analyze and interpret output from security technologies.
- 2.5 Given a scenario, deploy mobile devices securely.
- 2.6 Given a scenario, implement secure protocols.
3.0 Architecture and Design (15%)
- 3.1 Explain use cases and purpose for frameworks, best practices and secure configuration guides.
- 3.2 Given a scenario, implement secure network architecture concepts.
- 3.3 Given a scenario, implement secure systems design.
- 3.4 Explain the importance of secure staging deployment concepts.
- 3.5 Explain the security implications of embedded systems.
- 3.6 Summarize secure application development and deployment concepts.
- 3.7 Summarize cloud and virtualization concepts.
- 3.8 Explain how resiliency and automation strategies reduce risk.
- 3.9 Explain the importance of physical security controls.
4.0 Identity and Access Management (16%)
- 4.1 Compare and contrast identity and access management concepts.
- 4.2 Given a scenario, install and configure identity and access services.
- 4.3 Given a scenario, implement identity and access management controls.
- 4.4 Given a scenario, differentiate common account management practices.
5.0 Risk Management (14%)
- 5.1 Explain the importance of policies, plans and procedures related to organizational security.
- 5.2 Summarize business impact analysis concepts.
- 5.3 Explain risk management processes and concepts.
- 5.4 Given a scenario, follow incident response procedures.
- 5.5 Summarize basic concepts of forensics.
- 5.6 Explain disaster recovery and continuity of operation concepts.
- 5.7 Compare and contrast various types of controls.
- 5.8 Given a scenario, carry out data security and privacy practices.
6.0 Cryptography and PKI (12%)
- 6.1 Compare and contrast basic concepts of cryptography.
- 6.2 Explain cryptography algorithms and their basic characteristics.
- 6.3 Given a scenario, install and configure wireless security settings.
- 6.4 Given a scenario, implement public key infrastructure.

Written Exam SY0-601

Threats, Attacks, and Vulnerabilities
- Compare and contrast different types of social engineering techniques
- Given a scenario, analyze potential indicators to determine the type of attack
- Given a scenario, analyze potential indicators associated with application attacks
- Given a scenario, analyze potential indicators associated with network attacks
- Explain different threat actors, vectors, and intelligence sources
- Explain the security concerns associated with various types of vulnerabilities
- Summarize the techniques used in security assessments
- Explain the techniques used in penetration testing
Architecture and Design
- Explain the importance of security concepts in an enterprise environment
- Summarize virtualization and cloud computing concepts
- Summarize secure application development, deployment, and automation concepts
- Summarize authentication and authorization design concepts
- Given a scenario, implement cybersecurity resilience
- Explain the security implications of embedded and specialized systems
- Explain the importance of physical security controls
- Summarize the basics of cryptographic concepts
Implementation
- Given a scenario, implement secure protocols
- Given a scenario, implement host or application security solutions
- Given a scenario, implement secure network designs
- Given a scenario, install and configure wireless security settings
- Given a scenario, implement secure mobile solutions
- Given a scenario, apply cybersecurity solutions to the cloud
- Given a scenario, implement identity and account management controls
- Given a scenario, implement authentication and authorization solutions
- Given a scenario, implement public key infrastructure
Operations and Incident Response
- Given a scenario, use the appropriate tool to assess organizational security
- Summarize the importance of policies, processes, and procedures for incident response
- Given an incident, utilize appropriate data sources to support an investigation
- Given an incident, apply mitigation techniques or controls to secure an environment
- Explain the key aspects of digital forensics
Governance, Risk, and Compliance
- Compare and contrast various types of controls
- Explain the importance of applicable regulations, standards, or frameworks that impact organizational security posture
- Explain the importance of policies to organizational security
- Summarize risk management processes and concepts
- Explain privacy and sensitive data concepts in relation to security

Exam Preparation Resources

There are a number of resources available to help you prepare for the CompTIA Security+ examination:

Best Sources

Related Training
- CompTIA IT Training & Classes
- Federal Virtual Training Environment (FedVTE) Free Online Cybersecurity Courses

An additional resource is O'Reilly Learning Safari Books Online, a searchable digital library that provides online access to thousands of books, training videos and conference sessions. See the Educational Resources section on the Related Sites page here on COOL to learn how to get free access.

Testing Information

Exam Administration
Credential exams may be administered in-person at a testing site, proctored on-line remotely, or have options for both. If an exam is administered through a test vendor, the third-party test vendor box will be checked. The following test administration options apply to the CompTIA Security+ credential where checked:
- In-person exam
- Remote proctored on-line exam
- Third-party test vendor

For more information on the Computing Technology Industry Association (CompTIA) testing process, visit the agency website.

Third-Party Test Vendor Information
Testing for this credential is handled by the following vendor:

Pearson VUE

The test centers are located in the U.S. They also have some test centers on military bases.

To find out more, use the following links on the Pearson VUE website:

RECERTIFICATION

CompTIA Security+

Renewal Period: 3 years

The CompTIA Security+ credential has the following recertification information:

CompTIA Security+ certification holders must earn 50 Continuing Education Units (CEUs) during the three-year certification period.

Certification holders of more than one CompTIA certification only need to meet the renewal requirements for the highest-level certification held and the lower-level CompTIA certifications automatically renew as well.

Additional considerations for the CompTIA Security+ include:

CompTIA recommends that candidate hold the CompTIA Network+ certification and have a minimum of two years of experience in IT administration with a focus on security.