Evaluation Of A Zero Trust–Based Cybersecurity Strategy: A Case Study Of PT XYZ

Authors

  • Rani Fersari Damanik Universitas Indonesia, Depok, Indonesia
  • Setiadi Yazid Universitas Indonesia, Depok, Indonesia
  • Yudho Giri Sucahyo Universitas Indonesia, Depok, Indonesia

DOI:

https://doi.org/10.33751/jhss.v10i2.126

Keywords:

Zero Trust, Zero Trust Maturity Model, CISA, Cybersecurity

Abstract

Zero Trust (ZT) has become a fundamental paradigm in modern cybersecurity architecture by emphasizing the principle of “never trust, always verify.” The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Zero Trust Maturity Model (ZTMM) as a framework to guide organizations through four maturity stages Traditional, Initial, Advanced, and Optimal in adopting Zero Trust principles in a gradual and structured manner. In Indonesia, PT XYZ, as one of the telecommunications companies in the country, has adopted the Zero Trust approach as a strategy to strengthen its overall security posture amid the increasing complexity of infrastructure and cyber threats. This study aims to evaluate the maturity level of Zero Trust implementation at PT XYZ using the CISA ZTMM framework. The evaluation was conducted by analyzing the implementation of security controls across several core pillars of Zero Trust and assessing the alignment of these implementations with the defined maturity levels. The measurement results indicate that the maturity level of Zero Trust implementation at PT XYZ is currently at the Initial level, characterized by the partial implementation of Zero Trust controls and the suboptimal integration across security domains. These findings indicate the existence of gaps in aspects such as visibility, automation, governance, and cross-pillar capabilities that hinder the organization from achieving a higher level of maturity. The results of this study are expected to serve as a basis for developing strategic recommendations and an implementation roadmap for Zero Trust to support advancement toward the Optimal level.

Keywords: Zero Trust, Zero Trust Maturity Model, CISA, Cybersecurity

References

[1] H. Kang, G. Liu, Q. Wang, L. Meng, and J. Liu, “Theory and Application of Zero Trust Security: A Brief Survey,” Dec. 01, 2023, Multidisciplinary Digital Publishing Institute (MDPI). doi: 10.3390/e25121595.

[2] C. Manzano, G. Marquez, and H. Astudillo, “Quality Attributes for Zero Trust Architecture-Based Systems,” in Proceedings - International Conference of the Chilean Computer Science Society, SCCC, IEEE Computer Society, 2024. doi: 10.1109/SCCC63879.2024.10767657.

[3] W. Yeoh, M. Liu, M. Shore, and F. Jiang, “Zero trust cybersecurity: Critical success factors and A maturity assessment framework,” Comput. Secur., vol. 133, Oct. 2023, doi: 10.1016/j.cose.2023.103412.

[4] Y. Ren, Z. Wang, P. K. Sharma, F. Alqahtani, A. Tolba, and J. Wang, “Zero Trust Networks: Evolution and Application from Concept to Practice,” 2025, Tech Science Press. doi: 10.32604/cmc.2025.059170.

[5] M. Ilyas, M. Akal, and Q. Althebyan, “Maturity Model for Corporate Sector Based on Zero Trust Adoption,” in 2024 International Conference on Engineering and Emerging Technologies (ICEET), IEEE, Dec. 2024, pp. 1–7. doi: 10.1109/ICEET65156.2024.10913750.

[6] A. Dalal, “Designing Zero Trust Security Models to Protect Distributed Networks and Minimize Cyber Risks,” 2021.

[7] S. Ahmadi, “Zero Trust Architecture in Cloud Networks: Application, Challenges and Future Opportunities,” Journal of Engineering Research and Reports, vol. 26, no. 2, pp. 215–228, Feb. 2024, doi: 10.9734/jerr/2024/v26i21083.

[8] CISA, “Zero Trust Maturity Model Version 2.0,” 2023. [Online]. Available: http://www.cisa.gov/tlp/.

[9] S. Alnoaimi and A. Alomary, “Zero Trust Security: A Comprehensive Comparative Analysis of Zero Trust Maturity Models,” in 2nd International Conference on IT Innovations and Knowledge Discovery, ITIKD 2024, Institute of Electrical and Electronics Engineers Inc., 2025. doi: 10.1109/ITIKD63574.2025.11005097.

[10] F. Santucci et al., “Implementing Zero Trust: Expert Insights on Key Security Pillars and Prioritization in Digital Transformation,” Information (Switzerland), vol. 16, no. 8, Aug. 2025, doi: 10.3390/info16080667.

[11] V. Kalekar, “Advancing Zero Trust Maturity Assessment with a Quantitative Scoring System,” in Proceedings of the IEEE International Conference on Computer Communication and the Internet, ICCCI, Institute of Electrical and Electronics Engineers Inc., 2025, pp. 72–85. doi: 10.1109/ICCCI65070.2025.11158460.

Downloads

Published

26-06-2026

How to Cite

Damanik, R. F., Yazid, S., & Sucahyo, Y. G. (2026). Evaluation Of A Zero Trust–Based Cybersecurity Strategy: A Case Study Of PT XYZ. JHSS (Journal of Humanities and Social Studies), 10(2), 1045–1050. https://doi.org/10.33751/jhss.v10i2.126

Similar Articles

<< < 1 2 3 4 5 > >> 

You may also start an advanced similarity search for this article.

Most read articles by the same author(s)