AWS CloudTrail Logs Encrypted Using KMS CMK
This policy validates that AWS CloudTrails Logs are encrypted at rest with customer managed KMS CMKs.
CloudTrail logs include API level log events within your AWS account. It is a best security practice to encrypt these logs to reduce the chance they are exposed to unauthorized viewers to gain insight into your AWS environment.
To remediate this, enable CloudTrail encryption using a KMS CMK.