C2 security is a US government security rating that says a system has met the government-established criteria for discretionary resource protection and auditing capability. SQL Server 2000 has met these criteria. In addition, C2 auditing is necessary if you're running a C2-certified system.
To have a C2-certified SQL Server implementation, you must configure SQL Server in the evaluated C2 configuration. You must enable as a server-wide configuration option C2 auditing, which automatically starts tracing a large number of events specifically designed for auditing purposes. If you look at the list of possible SQL Server events, you'll see that several dozen of them are in the Security Audit category. For more information about C2 certification, see the SQL Server 2000 C2 Administrator's and User's Security Guide.