No, that’s not a mis-print – it’s SQL Server 2005 SP2 I’m talking about. This criteria is increadibly exacting, and takes a huge investment in time and money from a company (like us) to reach. If you’re in an installation that requires this type of certification, you can move to SP2 now. Here’s the full report from the team:
“SQL Server 2005 SP2 has been successfully evaluated against the Common Criteria at EAL4+ (Evaluation Assurance Level 4+) including compliance with the US NSA DBMS Protection Profile V1.1. It is now certified and posted on the BSI (Bundesamt fur Sicherheit in der Informationstechnik) website (http://www.bsi.de/zertifiz/zert/reporte.htm#Database ) of the German government. Due to an international mutual recognition agreement (CCRA), that certification is valid in 25 countries including the United States. It may also be accepted individually by another 30+ countries not part of the CCRA.
Following that EAL1/EAL4+ strategy, we are scheduled to complete the CC EAL1 evaluation of SQL Server 2008 by the end of 2008. And we are scheduled to begin formal CC EAL4+ evaluation of SQL Server 2008 in early January 2009.
While CC evaluation is either required or recommended by many governments, it is also required or preferred by large commercial customers.”