I often get asked whether SQL Server is compliant with some standard or other, e.g. Sarbanes-Oxley (SOX), Data Protection etc. The answer is yes, but there is no switch in SQL Server to turn any of these on, and as anyone who has tried it knows, turning on C2 security is a great way of slowing your database down, so caution is advised here.
For SQL Server 2005 there are configuration packs for SOX here and for the European Union Data Protection Directive (EUDPD) here. However, these packs are applied to System Center Configuration Manager 2007 (SCCM), as they are a set of configurations which can be used to evaluate compliance and then sent into SCCM for reporting. So you are going to need to invest in this technology or take the more expensive option of going around every server in your organisation and checking each one in turn manually.
For SQL Server 2008 this approach will continue, but it is much easier as there are a whole bunch of new features that help with compliance, and my top three would be:
Of course the rules of the game will also change as new legislation comes in, usually following hot on the heels of the latest compliance fiasco, so I wouldn't be surprised to see something bubbling up from the UK government's scant regard for the protection of personal data or the fallout from Societe Generale.
ScriptLogic's file server compliance solution is really helpful for achieving compliance standards.
As for SQL Server, it includes some great ways to report on database objects and schema security, database permissions searches and assignments.