CompTIA certifications are granted for life. In other words, they never expire. This is different than some other certifications which do expire (such as the CISSP certification). Part of the reason for this is that the CompTIA certifications are often considered to be a stepping stone to other certifications.
However, even though the certifications don't expire, the knowledge becomes less relevant. As an example, my transcript shows that I became certified in A+ in 1999. If I never took A+ again, I could continue to say I'm A+ certified.
Similarly, my Security+ certification (from the 2000 objectives) was relevant when I was teaching Security+ using the 2000 objectives. However, when I began teaching the 2008 objectives, I took and passed the Security+ exam with the 2008 objectives. I didn't have to, but it helped me understand how to interpret the new objectives.
Some companies are encouraging employees to upgrade Security+ by taking the new exam, but this is an employer requirement, not CompTIA. To make this path easier for test takers, CompTIA has created a bridge exam (BR0-001) that can be taken if you're Security+ certified using the older exam (SY0-101) based on the 2000 objectives. In other words, you can take the BR0-001 bridge exam instead of the SY0-201 exam. The BR0-001 exam is only 50 questions (instead of 100 for SY0-201) and a passing score of only 560 is required to pass (instead of 750 for SY0-201).
In summary, if you earn the CompTIA Security+ certification, it is good for life. You can update your certification by taking a newer exam with updated objectives, but this is not required by CompTIA.
Darril Gibson
Edited January 2010
At least this is the way it used to be. CompTIA announced a change in their policy in January 2010. These two blogs talk about some of the changes.
CompTIA Certification Renewal Policy
Will Your Security+ Certification Expire?
Darril Gibson