Monday, September 07, 2009

PCI Audit , C2 Compliance and Common Criteria Compliance in SQL Server 2008

I'm reading: PCI Audit , C2 Compliance and Common Criteria Compliance in SQL Server 2008Tweet this !
Auditing and compliance like Sarbanes Oxley and others are becoming an regular requirement in projects especially in financial sector. SQL Server 2008 comes with some major security audit compliance standards, that covers major ground of compliance.

1) C2 Audit compliance: It's a US standard of compliance, and is quite strict in terms of its requirements. Everything that is executed on SQL Server is audited and written down to a trace file. And the not so pleasant part is, for whatsoever reason if SQL Server is not able to write to a trace, SQL Server service would be stopped. Once this auditing standard is enabled, the trace recording gets triggered and the file is saved in default directory. It can be enabled just by using sp_configure stored procedure.

2) Common Criteria compliance: This is an European standard of compliance and is considered to be a superset of C2 audit compliance. It is more flexible or I should use the word more free form in terms of the requirements it lays down for its compliance. A very nice article on this compliance can be found on SSQA.net.

3) PCI compliance: PCI is carried out on projects in almost any CMM level 5 organisation that practices Quality Assurance on projects genuinely. SQL Server has support for this too. A nice webcast and whitepaper on the same are available that guides how and what of PCI compliance with SQL Server 2008.

Those who need more information on compliance can download the SQL Server 2008 Compliance Guide for detailed information.

1 comment:

Anonymous said...

i seriously adore your own posting choice, very useful,
don't give up as well as keep writing considering it simply just truly worth to follow it.
excited to look at even more of your current articles, good bye ;)

Related Posts with Thumbnails