The next version of the CompTIA Cybersecurity Analyst (CySA+) certification is almost here. CompTIA has announced that the new CySA+ V4 (CS0-004) exam will officially launch on June 23, 2026, bringing updated objectives designed to better reflect today's cybersecurity operations, threat detection, vulnerability management, cloud security, and incident response practices.
If you're planning to earn your CySA+ certification, you may be wondering whether you should take the current CS0-003 exam or wait for the new CS0-004 version. Here's what you need to know.
What Is CySA+?
CompTIA CySA+ is an intermediate-level cybersecurity certification that validates your ability to detect, analyze, and respond to security threats across modern enterprise environments. It is designed for cybersecurity professionals working in:
- Security Operations Centers (SOC)
- Vulnerability Management
- Threat Detection and Analysis
- Incident Response
- Security Monitoring
- Cybersecurity Operations
Unlike many cybersecurity certifications that focus primarily on prevention, CySA+ emphasizes active threat detection, continuous monitoring, vulnerability management, and incident response.
CySA+ V4 Exam Details
The new CySA+ certification exam will be:
- Exam Version: CySA+ V4
- Exam Code: CS0-004
- Launch Date: June 23, 2026
- Maximum Questions: 85
- Exam Duration: 165 Minutes
- Passing Score: 750 (Scale of 100–900)
- Language: English at launch
-
Additional languages coming soon:
- French
- Japanese
- Spanish
- Portuguese
Recommended Experience
CompTIA recommends candidates have approximately:
- Four years of experience in a SOC Analyst role, Vulnerability Analyst role, or similar cybersecurity position.
What's New in CySA+ V4?
The CS0-004 exam has been updated to better align with modern security operations and evolving threat landscapes. The new version places additional emphasis on cloud environments, operational efficiency, threat hunting, and the growing role of artificial intelligence in cybersecurity.
Security Operations (34%)
Security Operations remains the largest domain on the exam and focuses on:
- Security architecture concepts
- Identity and access management
- Logging and monitoring practices
- Threat detection across networks, endpoints, cloud, and identity systems
- SIEM and EDR platforms
- Packet analysis tools
- Threat intelligence platforms
- Threat hunting methodologies
- Automation and process improvement
- AI use cases, risks, and governance considerations
Vulnerability Management (26%)
Candidates will be expected to:
- Perform vulnerability scanning
- Analyze assessment results
- Prioritize vulnerabilities using risk-based methodologies
- Implement mitigation strategies
- Understand controls, policies, and compliance requirements
Incident Response and Management (24%)
This section focuses on:
- MITRE ATT&CK
- Cyber Kill Chain concepts
- Incident response lifecycle
- Evidence handling
- Escalation procedures
- Containment and remediation
- Root cause analysis
Reporting and Communication (16%)
Security professionals must effectively communicate findings and risks. This domain covers:
- Vulnerability reporting
- Security dashboards
- Executive communications
- Incident documentation
- Post-incident reviews
- Security metrics and KPIs
- Response and remediation reporting
Skills You'll Learn
Earning CySA+ V4 validates your ability to:
- Identify suspicious activity across networks, endpoints, cloud, and hybrid environments
- Monitor security events using SIEM and EDR tools
- Investigate and respond to incidents
- Prioritize and mitigate vulnerabilities
- Communicate security findings to technical and non-technical stakeholders
- Support cloud security operations
- Apply risk-based security practices
- Utilize modern threat intelligence techniques
When Will CySA+ CS0-003 Retire?
At the time of writing, CompTIA has not officially announced the retirement date for CySA+ CS0-003.
Historically, CompTIA typically allows approximately six months of overlap between a new exam launch and the retirement of the previous version. Based on that pattern, many candidates expect CS0-003 to remain available for roughly six months after the launch of CS0-004.
However, candidates should wait for CompTIA's official retirement announcement before making plans based on a specific date.
Should You Take CS0-003 or Wait for CS0-004?
This is one of the most common questions candidates ask when a new certification version is announced.
Continue with CS0-003 If:
- You are already studying for CySA+ CS0-003
- You have purchased training materials for CS0-003
- You plan to test within the next few months
- You are close to being exam-ready
There is no reason to restart your studies if you've already invested significant time preparing for the current version.
Wait for CS0-004 If:
- You are just beginning your CySA+ journey
- You do not have current study materials
- You want the most up-to-date certification content
- You work heavily with cloud security, threat intelligence, or modern security operations
Starting with the newest version will ensure your training aligns with the latest exam objectives and current industry practices.
Prepare for CySA+ V4 with Get Certified 4 Less
Once CySA+ V4 officially launches, Get Certified 4 Less will offer the latest CompTIA training resources to help you prepare for success.
You'll be able to access:
- Official CompTIA CertMaster Learn
- CertMaster Labs
- CertMaster Practice
- Complete Learning Bundles
- CySA+ Exam Vouchers
- Voucher + Retake Assurance Options
Whether you're advancing your cybersecurity career, preparing for a SOC analyst role, or strengthening your vulnerability management skills, CySA+ V4 will continue to be one of the industry's most respected cybersecurity certifications.
Stay tuned for updates, training availability, and voucher discounts as we get closer to the June 23, 2026 launch date.
