diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
index b17b69fe..d77fd90c 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/CloudFormation.md
@@ -1,5 +1,5 @@
-Enable encryption at rest
+Use Customer managed key
 ```yaml--- Resources:
@@ -15,4 +15,6 @@ Resources:
 ```
+#### Remediation Links
+ - https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html#cfn-cloudtrail-trail-kmskeyid
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
index befbea4f..42edae5a 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/Terraform.md
@@ -1,5 +1,5 @@
-Enable encryption at rest
+Use Customer managed key
 ```hcl resource "aws_cloudtrail" "good_example" {
diff --git a/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md b/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md
index 5f8bc940..88770c40 100644
--- a/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md
+++ b/avd_docs/aws/cloudtrail/AVD-AWS-0015/docs.md
@@ -1,8 +1,8 @@
-Cloudtrail logs should be encrypted at rest to secure the sensitive data. Cloudtrail logs record all activity that occurs in the the account through API calls and would be one of the first places to look when reacting to a breach.
+Using Customer managed keys provides comprehensive control over cryptographic keys, enabling management of policies, permissions, and rotation, thus enhancing security and compliance measures for sensitive data and systems.
 ### Impact
-Data can be freely read if compromised
+Using AWS managed keys does not allow for fine grained control
 {{ remediationActions }} 
@@ -10,4 +10,6 @@ Data can be freely read if compromised
 ### Links
 - https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html
+- https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt
+
diff --git a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.go b/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.go
deleted file mode 100755
index cfcb3313..00000000
--- a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.go
+++ /dev/null
@@ -1,51 +0,0 @@
-package cloudtrail
-
-import (
- "github.com/aquasecurity/trivy-policies/pkg/rules"
- "github.com/aquasecurity/trivy/pkg/iac/providers"
- "github.com/aquasecurity/trivy/pkg/iac/scan"
- "github.com/aquasecurity/trivy/pkg/iac/severity"
- "github.com/aquasecurity/trivy/pkg/iac/state"
-)
-
-var CheckEnableAtRestEncryption = rules.Register(
- scan.Rule{
- AVDID: "AVD-AWS-0015",
- Provider: providers.AWSProvider,
- Service: "cloudtrail",
- ShortCode: "enable-at-rest-encryption",
- Summary: "Cloudtrail should be encrypted at rest to secure access to sensitive trail data",
- Impact: "Data can be freely read if compromised",
- Resolution: "Enable encryption at rest",
- Explanation: `Cloudtrail logs should be encrypted at rest to secure the sensitive data. Cloudtrail logs record all activity that occurs in the the account through API calls and would be one of the first places to look when reacting to a breach.`,
- Links: []string{
- "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html",
- },
- Terraform: &scan.EngineMetadata{
- GoodExamples: terraformEnableAtRestEncryptionGoodExamples,
- BadExamples: terraformEnableAtRestEncryptionBadExamples,
- Links: terraformEnableAtRestEncryptionLinks,
- RemediationMarkdown: terraformEnableAtRestEncryptionRemediationMarkdown,
- },
- CloudFormation: &scan.EngineMetadata{
- GoodExamples: cloudFormationEnableAtRestEncryptionGoodExamples,
- BadExamples: cloudFormationEnableAtRestEncryptionBadExamples,
- Links: cloudFormationEnableAtRestEncryptionLinks,
- RemediationMarkdown: cloudFormationEnableAtRestEncryptionRemediationMarkdown,
- },
- Severity: severity.High,
- },
- func(s *state.State) (results scan.Results) {
- for _, trail := range s.AWS.CloudTrail.Trails {
- if trail.KMSKeyID.IsEmpty() {
- results.Add(
- "Trail is not encrypted.",
- trail.KMSKeyID,
- )
- } else {
- results.AddPassed(&trail)
- }
- }
- return
- },
-)
diff --git a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.cf.go b/checks/cloud/aws/cloudtrail/encryption_customer_key.cf.go
similarity index 61%
rename from checks/cloud/aws/cloudtrail/enable_at_rest_encryption.cf.go
rename to checks/cloud/aws/cloudtrail/encryption_customer_key.cf.go
index d39614b0..a52c9c68 100644
--- a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.cf.go
+++ b/checks/cloud/aws/cloudtrail/encryption_customer_key.cf.go
@@ -1,6 +1,6 @@
 package cloudtrail
-var cloudFormationEnableAtRestEncryptionGoodExamples = []string{
+var cloudFormationEncryptionCustomerManagedKeyGoodExamples = []string{
 `--- Resources: BadExample:
@@ -15,7 +15,7 @@ Resources:
 `, }
-var cloudFormationEnableAtRestEncryptionBadExamples = []string{
+var cloudFormationEncryptionCustomerManagedKeyBadExamples = []string{
 `--- Resources: BadExample:
@@ -29,6 +29,6 @@ Resources:
 `, }
-var cloudFormationEnableAtRestEncryptionLinks = []string{}
-
-var cloudFormationEnableAtRestEncryptionRemediationMarkdown = ``
+var cloudFormationEncryptionCustomerManagedKeyLinks = []string{
+ "https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-cloudtrail-trail.html#cfn-cloudtrail-trail-kmskeyid",
+}
diff --git a/checks/cloud/aws/cloudtrail/encryption_customer_key.go b/checks/cloud/aws/cloudtrail/encryption_customer_key.go
new file mode 100755
index 00000000..6aa81438
--- /dev/null
+++ b/checks/cloud/aws/cloudtrail/encryption_customer_key.go
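Review bot: The fixture in `cloudFormationEncryptionCustomerManagedKeyGoodExamples` still names its trail resource `BadExample:` (visible as a context line right after the renamed declaration), and this snippet is what gets rendered into the AVD docs as the recommended configuration. Rename it to `GoodExample:` while this file is being touched so readers are not confused about which snippet is compliant. The body of the example is outside the hunk, so I cannot confirm from here that it actually sets `KMSKeyId`; worth a glance before merging.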
@@ -0,0 +1,52 @@
+package cloudtrail
+
+import (
+ "github.com/aquasecurity/trivy-policies/pkg/rules"
+ "github.com/aquasecurity/trivy/pkg/iac/providers"
+ "github.com/aquasecurity/trivy/pkg/iac/scan"
+ "github.com/aquasecurity/trivy/pkg/iac/severity"
+ "github.com/aquasecurity/trivy/pkg/iac/state"
+)
+
+var EncryptionCustomerManagedKey = rules.Register(
+ scan.Rule{
+ AVDID: "AVD-AWS-0015",
+ Provider: providers.AWSProvider,
+ Service: "cloudtrail",
+ ShortCode: "encryption-customer-managed-key",
+ Summary: "CloudTrail should use Customer managed keys to encrypt the logs",
+ Impact: "Using AWS managed keys does not allow for fine grained control",
+ Resolution: "Use Customer managed key",
+ Explanation: `Using Customer managed keys provides comprehensive control over cryptographic keys, enabling management of policies, permissions, and rotation, thus enhancing security and compliance measures for sensitive data and systems.`,
+ Links: []string{
+ "https://docs.aws.amazon.com/awscloudtrail/latest/userguide/encrypting-cloudtrail-log-files-with-aws-kms.html",
+ "https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key-mgmt",
+ },
+ Terraform: &scan.EngineMetadata{
+ GoodExamples: terraformEncryptionCustomerManagedKeyGoodExamples,
+ BadExamples: terraformEncryptionCustomerManagedKeyBadExamples,
+ Links: terraformEncryptionCustomerManagedKeyLinks,
+ RemediationMarkdown: ``,
+ },
+ CloudFormation: &scan.EngineMetadata{
+ GoodExamples: cloudFormationEncryptionCustomerManagedKeyGoodExamples,
+ BadExamples: cloudFormationEncryptionCustomerManagedKeyBadExamples,
+ Links: cloudFormationEncryptionCustomerManagedKeyLinks,
+ RemediationMarkdown: ``,
+ },
+ Severity: severity.High,
+ },
+ func(s *state.State) (results scan.Results) {
+ for _, trail := range s.AWS.CloudTrail.Trails {
+ if trail.KMSKeyID.IsEmpty() {
+ results.Add(
+ "CloudTrail does not use a customer managed key to encrypt the logs.",
+ trail.KMSKeyID,
+ )
+ } else {
+ results.AddPassed(&trail)
+ }
+ }
+ return
+ },
+)
diff --git a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.tf.go b/checks/cloud/aws/cloudtrail/encryption_customer_key.tf.go
similarity index 78%
rename from checks/cloud/aws/cloudtrail/enable_at_rest_encryption.tf.go
rename to checks/cloud/aws/cloudtrail/encryption_customer_key.tf.go
index ec843f57..b4a950e5 100644
--- a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption.tf.go
+++ b/checks/cloud/aws/cloudtrail/encryption_customer_key.tf.go
@@ -1,6 +1,6 @@
 package cloudtrail
-var terraformEnableAtRestEncryptionGoodExamples = []string{
+var terraformEncryptionCustomerManagedKeyGoodExamples = []string{
 ` resource "aws_cloudtrail" "good_example" { is_multi_region_trail = true
@@ -20,7 +20,7 @@ var terraformEnableAtRestEncryptionGoodExamples = []string{
 `, }
-var terraformEnableAtRestEncryptionBadExamples = []string{
+var terraformEncryptionCustomerManagedKeyBadExamples = []string{
 ` resource "aws_cloudtrail" "bad_example" { is_multi_region_trail = true
@@ -38,8 +38,6 @@ var terraformEnableAtRestEncryptionBadExamples = []string{
 `, }
-var terraformEnableAtRestEncryptionLinks = []string{
+var terraformEncryptionCustomerManagedKeyLinks = []string{
 `https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudtrail#kms_key_id`, }
-
-var terraformEnableAtRestEncryptionRemediationMarkdown = ``
diff --git a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption_test.go b/checks/cloud/aws/cloudtrail/encryption_customer_key_test.go
similarity index 83%
rename from checks/cloud/aws/cloudtrail/enable_at_rest_encryption_test.go
rename to checks/cloud/aws/cloudtrail/encryption_customer_key_test.go
index ea44d9d7..b0d3f61b 100644
--- a/checks/cloud/aws/cloudtrail/enable_at_rest_encryption_test.go
+++ b/checks/cloud/aws/cloudtrail/encryption_customer_key_test.go
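Review bot: The rule text and the rule logic in this new file no longer describe the same condition: the predicate is still `trail.KMSKeyID.IsEmpty()`, identical to the deleted enable-at-rest-encryption rule, so the only state that fails is "no KMS key configured at all", while the new `Impact` line talks about AWS managed keys, a configuration this check never detects because any non-empty `KMSKeyID` takes the `AddPassed` branch. If the provider state ever carries an AWS-managed key identifier (e.g. an `alias/aws/...` value) here, it would be reported as compliant, so either the wording should state what is actually tested or a second condition on the key identifier is needed; I cannot tell from this hunk whether the `KMSKeyID` value is ever resolvable to a key type. I would at least change `Impact: "Using AWS managed keys does not allow for fine grained control"` to `Impact: "Trail log files are not encrypted with a KMS key, so no KMS key policy governs who can decrypt them"` and the finding to `"CloudTrail has no KMS key ID configured; a customer managed key is not in use."`. `Severity: severity.High` was carried over from the at-rest-encryption rule unchanged; with the rationale now being key-policy control rather than "unencrypted", confirm that High is still the intended rating.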
@@ -3,24 +3,22 @@ package cloudtrail
 import ( "testing"
- trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
-
- "github.com/aquasecurity/trivy/pkg/iac/state"
+ "github.com/stretchr/testify/assert"
 "github.com/aquasecurity/trivy/pkg/iac/providers/aws/cloudtrail" "github.com/aquasecurity/trivy/pkg/iac/scan"
-
- "github.com/stretchr/testify/assert"
+ "github.com/aquasecurity/trivy/pkg/iac/state"
+ trivyTypes "github.com/aquasecurity/trivy/pkg/iac/types"
 )
-func TestCheckEnableAtRestEncryption(t *testing.T) {
+func TestEncryptionCustomerManagedKey(t *testing.T) {
 tests := []struct { name string input cloudtrail.CloudTrail expected bool }{ {
- name: "AWS CloudTrail unencrypted",
+ name: "AWS CloudTrail without CMK",
 input: cloudtrail.CloudTrail{ Trails: []cloudtrail.Trail{ {
@@ -32,7 +30,7 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 expected: true, }, {
- name: "AWS CloudTrail encrypted with KMS key",
+ name: "AWS CloudTrail with CMK",
 input: cloudtrail.CloudTrail{ Trails: []cloudtrail.Trail{ {
@@ -48,10 +46,10 @@ func TestCheckEnableAtRestEncryption(t *testing.T) {
 t.Run(test.name, func(t *testing.T) { var testState state.State testState.AWS.CloudTrail = test.input
- results := CheckEnableAtRestEncryption.Evaluate(&testState)
+ results := EncryptionCustomerManagedKey.Evaluate(&testState)
 var found bool for _, result := range results {
- if result.Status() == scan.StatusFailed && result.Rule().LongID() == CheckEnableAtRestEncryption.LongID() {
+ if result.Status() == scan.StatusFailed && result.Rule().LongID() == EncryptionCustomerManagedKey.LongID() {
 found = true } }