Common Criteria Certification
SQL Server 2005 Service Pack 1 (SP1) has been evaluated against the Common Criteria evaluation assurance level 1 (EAL1). Service Pack 2 is being evaluated against the Common Criteria evaluation assurance level 4 (EAL4+). For more information about these evaluations and how to enable compliance for SQL Server 2005, see the Microsoft SQL Server Common Criteria Web site.
Ratified as an international standard in 1999, the Common Criteria supersedes several older evaluation schemes including the U.S. Trusted Computer Systems Evaluation Criteria (TCSEC) (which specified the well-known Class C2 rating), the European Information Technology Security Evaluation Criteria (ITSEC), and the Canadian Trusted Computer Product Evaluation Criteria (CTCPEC). The Common Criteria was designed by a group of nations to improve the availability of security-enhanced IT products, help users evaluate IT products for purchase, and contribute to consumer confidence in IT product security. An international body composed of more than 20 nations maintains the Common Criteria, which is recognized by the International Standards Organization (ISO) as ISO standard 15408. For more information, see the Common Criteria portal home page.