RIP requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs.
The ability to view login statistics
Login auditing is enabled after the common criteria compliance option is enabled.
Login times that are made available on a per-session basis each time a user successfully logs in to SQL Server: - Information about the last successful login time - The last unsuccessful login time - The number of attempts between the last successful login and the current login
After the common criteria compliance enabled option is enabled, a table-level DENY takes precedence over a column-level GRANT. When the option isn't enabled, a column-level GRANT takes precedence over a table-level DENY.
Common criteria compliance is only evaluated and certified for Enterprise Edition.
The common criteria compliance enabled setting is an advanced option. To view the setting, enable show advanced options.
For the latest status of Common Criteria certification, download and review the Common Criteria for SQL Server Datasheet. The datasheet links to the latest scripts to finish configuration. The scripts are required to comply with Common Criteria evaluation assurance level 2 (EAL2) and 4+ (EAL4+). The scripts create triggers. These triggers are required to configure a Common Criteria compliant instance. There are specific scripts for Windows and Linux. The datasheet also instructs how to verify the scripts before you run them.
To comply with Common Criteria evaluation assurance level EAL2 and EAL4+:
Enable show advanced options.
Enable compliance with sp_configure as demonstrated in Examples.
Install common criteria triggers.
Examples
The following example enables common criteria compliance.
sp_configure 'show advanced options', 1;
GO
RECONFIGURE;
GO
sp_configure 'common criteria compliance enabled', 1;
GO
RECONFIGURE WITH OVERRIDE;
GO
Get acquainted with C2 audit mode, a SQL Server configuration option that can help you profile system activity and track possible security policy violations.
Learn about server audits for the SQL Server Database Engine or an individual database. Server audits contain server and database audit specifications.
