Ensure that GuardDuty findings export is encrypted using desired KMS encryption level.
GuardDuty data, such as findings, is encrypted at rest using AWS owned customer master keys (CMK).
Encrypt GuardDuty Export Findings with customer-manager keys (CMKs)