SQL Server 2005 SP2 includes a new, advanced configuration option called Common Criteria Compliance enabled. Government, military, financial, and other entities with serious security needs may require Common Criteria certification and implementation. Although Common Criteria superseded C2 in the security world, it doesn’t subsume all the C2 audit-mode–option functionality. Common Criteria Compliance includes the following features:
- Residual Information Protection (RIP.2) implementation
- login statistics displayed in sys.dm_exec_sessions dynamic management view
- Table DENY to override column GRANT
Microsoft formally submitted SQL Server 2005 for Common Criteria certification in January 2006. SQL Server 2005 SP1 was evaluated against the Common Criteria evaluation assurance level 1 (EAL1). SQL Server 2005 SP2 is currently being evaluated against the Common Criteria evaluation assurance level 4 (EAL4+) in Germany by Bundesamt für Sicherheit in der Informationstechnik (BSI)—the German government's Federal Office for Information Security. You can find the official posting on the BSI Web site (www.bsi.bund.de/english/index.htm). For more information about these evaluations and how to enable compliance for SQL Server 2005, see the Microsoft SQL Server Common Criteria Web site at technet.microsoft.com/en-us/library/bb153837.aspx.
