Queues should be encrypted with customer managed KMS keys and not default AWS managed keys, in order to allow granular control over access to specific queues.
The SQS queue messages could be read if compromised
Turn on SQS Queue encryption
The following example will fail the aws-sqs-enable-queue-encryption check.
The following example will pass the aws-sqs-enable-queue-encryption check.