CompTIA, starting late in 2008, has updated its Security+ requirements. A new exam is in place for anyone taking the Security+ course now. However, it does bring up the issue of people certified under the old requirements and whether they need to get recertified.
In order to adhere to the standards and requirements from the American National Standards Institute (ANSI), whose principles CompTIA recently adopted, the Security+ course had to be modified. Although the material remains much the same as before, there are two additions. The first is a revamping of the Access Controls topic. Security+ 2008 now delves further into the topic of access controls, and has more questions on the exam on this topic. In addition to this, CompTIA has added the Audits and Assessments topic.
Why was CompTIA forced to update its material? ANSI supports a document called the National Conformity Assessment Principles (NCAP). In short, it is a set of regulations and principles that give CompTIA, and other companies that adhere to ANSI, strict guidelines for Security+ 2008 and other classes.
Now, people who have become certified under Security+ before October 2008 are faced with the question of whether to update their certification. For many security analysts and specialists, Security+ was just the first of several security training courses required. People with higher certification than just Security+ will probably not have to worry about getting recertified for Security+ 2008. However, many government and contracting jobs that require Security+ will have to get recertified for the 2008 version. An instance of this is the Department of Defense’s (DoD) 8570 Directive (read about it here). Also, all instructors for CompTIA must have the updated certification.
However, some companies might require its employees to gain the certification while others don’t. It is not a requirement for any private-sector business, so there is no consistency guaranteed. It all comes down to who wants what for their company.
Now the issue is how does one go about gaining recertification for Security+ 2008? Obviously nobody wants to retake the entire course, so CompTIA provides a bridge exam for Security+ 2008 for individuals who have already become Security+ certified. This bridge exam focuses on the two topics mentioned earlier: Access Controls and Audits and Assessments. The test covers questions only relating to this new material, so one does not have to go over all the information covered in the original Security+ course.
So for people who have SY0-101 certification, a short bridge exam is available to everyone looking (or required) to stay up-to-date with their Security+ 2008 certification.