Which of the following is NOT a characteristic of the zero trust security model?

The zero trust security model is defined by the principle of "never trust, always verify." This means that no user or device, whether inside or outside the network perimeter, is inherently trusted. Instead, every access request must be authenticated and verified, regardless of the source.

Assuming all users are trustworthy directly contradicts the core philosophy of zero trust. In this model, every user, device, and connection is treated as untrusted until proven otherwise. As such, continuous monitoring of network activity and the requirement for user authentication are fundamental practices within the zero trust framework. Each access request undergoes verification to ensure that only authenticated and authorized users can interact with sensitive data and systems.

By emphasizing that all users are untrustworthy, the zero trust model significantly decreases the risk of data breaches and increases overall security posture. Hence, assuming that all users are trustworthy is not a characteristic found within the zero trust security model.