SQL Audit Interview between Buck Woody and Il-Sung Lee
Security and Compliance
Take advantage of the built-in security and compliance capabilities in Microsoft SQL Server 2008 R2 for effective configuration management, strong authentication and access control, powerful encryption and key management capabilities, and enhanced auditing. SQL Server 2008 has been audited for HIPAA and PCI Data Security Standard Compliance, and SQL Server 2008 Enterprise completed a Common Criteria IT security evaluations at the Basic Assurance Level EAL1+ and at Evaluation Assurance Level EAL4+ with compliance to the U.S. government procurement required “U.S. Government Protection Profile for Database Management Systems in Basic Robustness Environments, V1.2". Learn more about SQL Server Common Criteria certifications.
- Use Policy-Based Management to detect noncompliance.
- Rely on transparent data encryption at the database level.
- Manage encryption keys by using Hardware Security Modules.
- Implement fast, granular auditing with SQL Server Audit.
- Address needs around regulations, such as HIPAA and PCI.