that default service accounts are not actively used. (Automated) 5.1.6 Ensure that Service Account Tokens are only mounted where necessary (Manual) 5.2 Pod Security Policies 5.2.1 Minimize the admission fi done done echo "true" Returned Value: true 5.1.6 Ensure that Service Account Tokens are only mounted where necessary (Manual) Result: warn CIS 1.6 Benchmark - Self-Assessment Guide Remediation: Modify the definition of pods and service accounts which do not need to mount service account tokens to disable it. Audit: CIS 1.6 Benchmark - Self-Assessment Guide - Rancher v2.5.4 121 5.2 Pod

cases. 1.3.3 Secret Management Applications use secrets such as passwords, SSH keys and API tokens all the time. To prevent disclosing the secrets in the definition files that define containers/clusters