A cybersecurity company, which aims to ensure the highest level of security for its operations, has been actively publishing critical log data to a specific log group in Amazon CloudWatch Logs for the past three months. To comply with the company’s stringent security guidelines, there is now a requirement to encrypt any future log data using an AWS Key Management Service (KMS) customer master key (CMK).

What steps should the company take to achieve this encryption of future log data within their existing Amazon CloudWatch Logs group?