Evaluation Of A Zero Trust–Based Cybersecurity Strategy: A Case Study Of PT XYZ
DOI:
https://doi.org/10.33751/jhss.v10i2.126Keywords:
Zero Trust, Zero Trust Maturity Model, CISA, CybersecurityAbstract
Zero Trust (ZT) has become a fundamental paradigm in modern cybersecurity architecture by emphasizing the principle of “never trust, always verify.” The Cybersecurity and Infrastructure Security Agency (CISA) introduced the Zero Trust Maturity Model (ZTMM) as a framework to guide organizations through four maturity stages Traditional, Initial, Advanced, and Optimal in adopting Zero Trust principles in a gradual and structured manner. In Indonesia, PT XYZ, as one of the telecommunications companies in the country, has adopted the Zero Trust approach as a strategy to strengthen its overall security posture amid the increasing complexity of infrastructure and cyber threats. This study aims to evaluate the maturity level of Zero Trust implementation at PT XYZ using the CISA ZTMM framework. The evaluation was conducted by analyzing the implementation of security controls across several core pillars of Zero Trust and assessing the alignment of these implementations with the defined maturity levels. The measurement results indicate that the maturity level of Zero Trust implementation at PT XYZ is currently at the Initial level, characterized by the partial implementation of Zero Trust controls and the suboptimal integration across security domains. These findings indicate the existence of gaps in aspects such as visibility, automation, governance, and cross-pillar capabilities that hinder the organization from achieving a higher level of maturity. The results of this study are expected to serve as a basis for developing strategic recommendations and an implementation roadmap for Zero Trust to support advancement toward the Optimal level.
Keywords: Zero Trust, Zero Trust Maturity Model, CISA, Cybersecurity
References
[1] H. Kang, G. Liu, Q. Wang, L. Meng, and J. Liu, “Theory and Application of Zero Trust Security: A Brief Survey,” Dec. 01, 2023, Multidisciplinary Digital Publishing Institute (MDPI). doi: 10.3390/e25121595.
[2] C. Manzano, G. Marquez, and H. Astudillo, “Quality Attributes for Zero Trust Architecture-Based Systems,” in Proceedings - International Conference of the Chilean Computer Science Society, SCCC, IEEE Computer Society, 2024. doi: 10.1109/SCCC63879.2024.10767657.
[3] W. Yeoh, M. Liu, M. Shore, and F. Jiang, “Zero trust cybersecurity: Critical success factors and A maturity assessment framework,” Comput. Secur., vol. 133, Oct. 2023, doi: 10.1016/j.cose.2023.103412.
[4] Y. Ren, Z. Wang, P. K. Sharma, F. Alqahtani, A. Tolba, and J. Wang, “Zero Trust Networks: Evolution and Application from Concept to Practice,” 2025, Tech Science Press. doi: 10.32604/cmc.2025.059170.
[5] M. Ilyas, M. Akal, and Q. Althebyan, “Maturity Model for Corporate Sector Based on Zero Trust Adoption,” in 2024 International Conference on Engineering and Emerging Technologies (ICEET), IEEE, Dec. 2024, pp. 1–7. doi: 10.1109/ICEET65156.2024.10913750.
[6] A. Dalal, “Designing Zero Trust Security Models to Protect Distributed Networks and Minimize Cyber Risks,” 2021.
[7] S. Ahmadi, “Zero Trust Architecture in Cloud Networks: Application, Challenges and Future Opportunities,” Journal of Engineering Research and Reports, vol. 26, no. 2, pp. 215–228, Feb. 2024, doi: 10.9734/jerr/2024/v26i21083.
[8] CISA, “Zero Trust Maturity Model Version 2.0,” 2023. [Online]. Available: http://www.cisa.gov/tlp/.
[9] S. Alnoaimi and A. Alomary, “Zero Trust Security: A Comprehensive Comparative Analysis of Zero Trust Maturity Models,” in 2nd International Conference on IT Innovations and Knowledge Discovery, ITIKD 2024, Institute of Electrical and Electronics Engineers Inc., 2025. doi: 10.1109/ITIKD63574.2025.11005097.
[10] F. Santucci et al., “Implementing Zero Trust: Expert Insights on Key Security Pillars and Prioritization in Digital Transformation,” Information (Switzerland), vol. 16, no. 8, Aug. 2025, doi: 10.3390/info16080667.
[11] V. Kalekar, “Advancing Zero Trust Maturity Assessment with a Quantitative Scoring System,” in Proceedings of the IEEE International Conference on Computer Communication and the Internet, ICCCI, Institute of Electrical and Electronics Engineers Inc., 2025, pp. 72–85. doi: 10.1109/ICCCI65070.2025.11158460.











