Ensure CloudWatch has an Alarm for KMS CMK Disabled
Amazon CloudWatch is a monitoring and observability service that can give real time insight into all actions and metrics going on with-in your infrastructure. CloudWatch allows for the creation of alarms that can allow for actionable responses to events. Understanding when a CMK is disabled can alert you to a potential security incident and is why this is considered a security best practice. This can help with ensuring you are compliant with the CIS benchmark.