Common Criteria (CC) certification is a requirement in many government and regulated commercial environments, and SQL Server is no exception.
A brief introduction to where this requirement comes from (as per my experience): in recent years, changes to the law in the financial sector and in other industries serving government and commercial users of DBMS products have created a real need to understand the security functionality of the products they purchase and use, and the quality of that functionality. To my knowledge, until the year 2005 the way to obtain that assurance was a third-party security evaluation, and each nation required its own evaluation, an expensive proposition for vendors and customers alike. Sharing an evaluation between companies spread across continents was costly because the criteria differed from place to place, for example between the Americas and Europe.

The solution, as Microsoft's own documentation describes it, is the Common Criteria: an evaluation performed under its strict conditions is formally recognized by twenty-four nations under an international agreement (the Common Criteria Recognition Arrangement, or CCRA) and accepted by dozens more countries and by many commercial users beyond the agreement. For further information, refer to the SQL Server 2008 Enterprise Edition (x64 and x86) Common Criteria Certification document and the Common Criteria (CCRA) link, which give the complete criteria that you need to follow.
Another important aspect of the CC process is the Protection Profile. A Protection Profile, as defined in the documentation, is a set of security functional requirements and assurance requirements. Large customers, customer groups, governments and industries write Protection Profiles to specify the security and assurance requirements that matter to them, often the minimum requirements that customer or group will accept.
The whole process therefore covers the security standards that must comply with industry practice; the next step is general guidance on using SQL Server 2008 to address compliance needs. The documentation also points to high-level compliance guidance provided by Microsoft's Solution Accelerator Team, as well as guidance for addressing security in the Windows Server operating system. To follow the CC and compliance process, users should have a general understanding of SQL Server so they can appreciate the concepts presented; this is best achieved by working through the compliance hands-on lab in the SDK, which covers the compliance-related features of SQL Server 2008.
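The one SQL Server setting the CC-evaluated configuration actually depends on is the server option 'common criteria compliance enabled'. Switching it on changes three behaviours: memory is overwritten with a known bit pattern before it is reallocated (Residual Information Protection), sys.dm_exec_sessions starts reporting last successful/unsuccessful logon times and failed-logon counts per session, and a table-level DENY takes precedence over a column-level GRANT (with the option off, the column GRANT wins). The script below, which is an added example and not code from the original post or from Microsoft's documentation, checks the option, enables it, and demonstrates the permission-precedence change. It assumes a sysadmin login on SQL Server 2008 Enterprise Edition, and the demo table and user (dbo.cc_demo, cc_reader) are constructed for the example.

```sql
-- Added example: enable and verify the 'common criteria compliance enabled'
-- server option on SQL Server 2008 Enterprise. Assumes a sysadmin login.
-- The option takes effect only after the SQL Server service is restarted.

-- 1. Show the current state: value_in_use = 0 means it is off.
SELECT name, value, value_in_use
FROM sys.configurations
WHERE name = N'common criteria compliance enabled';

-- 2. Enable it. It is an advanced option, so expose advanced options first.
EXEC sp_configure N'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure N'common criteria compliance enabled', 1;
RECONFIGURE;
-- Restart the SQL Server service here; until then value_in_use stays 0
-- and none of the behaviours below change.

-- 3. After the restart, the per-session logon statistics the option
--    exposes are populated (they are NULL / 0 while the option is off).
SELECT session_id, login_name, last_successful_logon,
       last_unsuccessful_logon, unsuccessful_logons
FROM sys.dm_exec_sessions
WHERE is_user_process = 1;

-- 4. Demonstrate the changed GRANT/DENY precedence using constructed objects.
CREATE TABLE dbo.cc_demo (id int, secret nvarchar(50), note nvarchar(50));
CREATE USER cc_reader WITHOUT LOGIN;
DENY SELECT ON dbo.cc_demo TO cc_reader;               -- table-level DENY
GRANT SELECT (id, note) ON dbo.cc_demo TO cc_reader;   -- column-level GRANT

EXECUTE AS USER = 'cc_reader';
-- Option off (default): the column GRANT overrides the table DENY, so this
-- SELECT succeeds. Option on: the table DENY takes precedence and this
-- SELECT fails with a permission error, which is the CC-evaluated behaviour.
SELECT id, note FROM dbo.cc_demo;
-- SELECT secret FROM dbo.cc_demo;  -- fails either way: 'secret' was never granted
REVERT;

-- 5. Clean up the constructed objects.
DROP USER cc_reader;
DROP TABLE dbo.cc_demo;
```

Run step 1 again after the restart and confirm value_in_use is 1 before relying on any of the three behaviours; a value of 1 with value_in_use still 0 means the restart has not happened yet. Note that enabling the option does not by itself produce an audit trail of logon events; the compliance guide referenced on this page describes the additional auditing configuration the evaluated setup requires.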
To wrap up, here is an interesting read: the SQL Server 2008 Compliance Guide (a 92-page document to download) and the SQL Server 2008 Compliance site. Make sure to follow and study each concept listed in the compliance guide.