Aside from PCI, I probably hear more about HIPAA compliance (the Health Insurance Portability and Accountability Act) from our customers than other regulations. Although there is no formal certification around HIPAA at this point, health care providers still have a legal requirement to comply with the regulation. If you fall in this bucket, you might want to look at this whitepaper published by Jefferson Wells, http://www.jeffersonwells.com/mssql2008hipaa where they descibe HIPAA compliance with SQL Server 2008. There’s also an associated webcast that you can watch, http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032441700&Culture=en-US.
Hope this helps.
SQL Server Engine Security