Due to a new compliance regulation, the security team at MediSure must ensure that all current and future PII data stored in their S3 bucket, which is currently encrypted with SSE-S3, is encrypted using keys managed by the team, and the bucket has versioning disabled. Which solution will meet these requirements?