diff --git a/ScoutSuite/providers/aws/resources/kms/keys.py b/ScoutSuite/providers/aws/resources/kms/keys.py
index ea1849a66..d1f943da7 100755
--- a/ScoutSuite/providers/aws/resources/kms/keys.py
+++ b/ScoutSuite/providers/aws/resources/kms/keys.py
@@ -38,10 +38,16 @@ async def _parse_key(self, raw_key):
 ['Disabled', 'PendingDeletion'] else True
 key_dict['description'] = raw_key['metadata']['KeyMetadata']['Description'] if len(
 raw_key['metadata']['KeyMetadata']['Description'].strip()) > 0 else None
+ key_dict['key_usage'] = raw_key['metadata']['KeyMetadata']['KeyUsage'] if len(
+ raw_key['metadata']['KeyMetadata']['KeyUsage'].strip()) > 0 else None
 key_dict['origin'] = raw_key['metadata']['KeyMetadata']['Origin'] if len(
 raw_key['metadata']['KeyMetadata']['Origin'].strip()) > 0 else None
+ if 'CustomKeyStoreId' in raw_key['metadata']['KeyMetadata']:
+ key_dict['custom_key_store_id'] = raw_key['metadata']['KeyMetadata']['CustomKeyStoreId']
 key_dict['key_manager'] = raw_key['metadata']['KeyMetadata']['KeyManager'] if len(
 raw_key['metadata']['KeyMetadata']['KeyManager'].strip()) > 0 else None
+ key_dict['key_spec'] = raw_key['metadata']['KeyMetadata']['KeySpec'] if len(
+ raw_key['metadata']['KeyMetadata']['KeySpec'].strip()) > 0 else None
 
 # Handle keys who don't have these keys - seen in the wild, unsure why
 if 'origin' not in key_dict.keys() or 'key_manager' not in key_dict.keys():
diff --git a/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json b/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json
index 8b2c1dffb..0f95c9c49 100644
--- a/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json
+++ b/ScoutSuite/providers/aws/rules/findings/kms-cmk-rotation-disabled.json
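Review bot: The new `key_spec` and `key_usage` assignments index `KeyMetadata['KeySpec']` and `KeyMetadata['KeyUsage']` directly and call `.strip()` on the result, so a response in which either field is absent raises `KeyError` inside `_parse_key` and that key drops out of the inventory — which is precisely how the rotation finding would be silently missed for the keys this change is trying to classify. The neighbouring `CustomKeyStoreId` line already guards with an `in` test, and the comment just below notes keys lacking metadata fields have been "seen in the wild"; `KeySpec` in particular is the newer name that replaced `CustomerMasterKeySpec` in DescribeKey output, so I would expect older botocore releases not to surface it at all (unverified here). Read both with a default instead, e.g. `key_spec = raw_key['metadata']['KeyMetadata'].get('KeySpec', '')` followed by `key_dict['key_spec'] = key_spec if key_spec.strip() else None`, and the same two-line pattern for `KeyUsage`. The body of `_parse_key` starts and ends outside this hunk.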
@@ -46,6 +46,28 @@
 "kms.regions.id.keys.id.key_enabled",
 "true",
 ""
+ ],
+ [
+ "kms.regions.id.keys.id.key_spec",
+ "containNoneOf",
+ [
+ "RSA_2048",
+ "RSA_3072",
+ "RSA_4096",
+ "ECC_NIST_P256",
+ "ECC_NIST_P384",
+ "ECC_NIST_P521",
+ "ECC_SECG_P256K1",
+ "HMAC_224",
+ "HMAC_256",
+ "HMAC_384",
+ "HMAC_512"
+ ]
+ ],
+ [
+ "kms.regions.id.keys.id.",
+ "withoutKey",
+ "custom_key_store_id"
 ]
 ],
 "id_suffix": "rotation_enabled"
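Review bot: The new `key_spec` condition is a denylist of eleven specific asymmetric and HMAC specs, so any spec KMS adds later, or a regional one such as `SM2`, is not in the list and keys of that type would be reported as missing rotation even though AWS only supports automatic rotation for symmetric encryption keys. Expressing the constraint positively, `["kms.regions.id.keys.id.key_spec", "equal", "SYMMETRIC_DEFAULT"]`, tracks the actual rule without needing an update each time a spec is introduced; this does require `_parse_key` to always populate `key_spec`, since a `None` value would then silently exclude the key from the finding rather than flag it. The `withoutKey` test on `custom_key_store_id` correctly excludes custom key stores, but imported key material (`origin` of `EXTERNAL`) cannot be auto-rotated either — if the conditions above this hunk do not already restrict `origin` to `AWS_KMS`, add that check alongside these.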