
GCP kms_key_rotation_enabled check and documentation mismatch #11384

@janritter

Issue search

  • I have searched the existing issues and this bug has not been reported yet

Which component is affected?

Prowler CLI/SDK

Cloud Provider (if applicable)

GCP

Steps to Reproduce

  1. Create a KMS Key with a rotation planned for more than 90 days in the future, e.g. 180 days
  2. Run the GCP kms_key_rotation_enabled check: prowler gcp --check kms_key_rotation_enabled

-> You will see a failure that the key is not rotated at least annually, showing the mismatch between the check and the documentation about the check

Expected behavior

The check confirms a rotation every 90 days, which is in line with the CIS Benchmark, so the documentation should be updated to match this.

In addition, it might be valuable to have two checks, because CIS requires every 90d while C5 only says that rotation must be enabled based on the individual risk profile, not mentioning explicit days:

  • one for "rotation is enabled" (independent of the days)
  • another one for "rotation with a maximum of 90d is enabled"

Actual Result with Screenshots or Logs

How did you install Prowler?

From pip package (pip install prowler)

Environment Resource

Workstation

OS used

MacOS

Prowler version

5.28.1

Python version

3.12.13

Pip version

25.0.1

Context

I'm also happy to create a PR for the fix, but would like to align on the two checks first
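
The two checks proposed above, sketched as an added example (not Prowler's code and not part of the original issue). It assumes key metadata shaped like the Cloud KMS CryptoKey resource with its `rotationPeriod` duration string; the function names, key names and sample data are hypothetical and constructed for illustration.

```python
import re
from datetime import timedelta

# Threshold taken from the issue text (CIS: rotate at least every 90 days).
MAX_ROTATION = timedelta(days=90)

def parse_rotation_period(value):
    """Parse a rotationPeriod duration string such as "7776000s".

    Returns None when the field is missing or malformed (no schedule).
    """
    if not isinstance(value, str) or not re.fullmatch(r"\d+(?:\.\d{1,9})?s", value):
        return None
    period = timedelta(seconds=float(value[:-1]))
    return period if period > timedelta(0) else None

def rotation_enabled(key):
    """Proposed check 1: a rotation schedule exists, whatever its length."""
    return parse_rotation_period(key.get("rotationPeriod")) is not None

def rotation_within_max(key, max_period=MAX_ROTATION):
    """Proposed check 2: a schedule exists and is no longer than max_period."""
    period = parse_rotation_period(key.get("rotationPeriod"))
    return period is not None and period <= max_period

def evaluate(keys):
    """Return {key name: (check 1 status, check 2 status)}."""
    def status(ok):
        return "PASS" if ok else "FAIL"
    return {
        key["name"]: (status(rotation_enabled(key)), status(rotation_within_max(key)))
        for key in keys
    }

# Constructed sample data with hypothetical key names.
SAMPLE_KEYS = [
    {"name": "key-90d", "rotationPeriod": "7776000s"},    # 90 days
    {"name": "key-180d", "rotationPeriod": "15552000s"},  # 180 days, as in the repro steps
    {"name": "key-manual"},                               # no automatic rotation
]

if __name__ == "__main__":
    for name, (enabled, within_90d) in evaluate(SAMPLE_KEYS).items():
        print(f"{name}: rotation_enabled={enabled} rotation_max_90d={within_90d}")
```

The 180-day key from the reproduction steps passes the first check and fails the second, which is the distinction between the C5 and CIS requirements described in the issue.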
