Merge pull request #36407 from MicrosoftDocs/main

Auto Publish – main to live - 2026-01-23 18:30 UTC

Author: learn-build-service-prod[bot]

azure-sql/database/metrics-diagnostic-telemetry-logging-streaming-export-configure.md

@@ -1,10 +1,10 @@
 ---
-title: Enable Common Criteria Compliance Configuration
+title: "Server Configuration: common criteria compliance enabled"
 description: Learn how to enable Common Criteria compliance. See how to comply with Common Criteria evaluation assurance level 2 (EAL2) and 4+ (EAL4+) for EU cybersecurity certification scheme on Common Criteria (EUCC) certification approval. A world-wide compliance obligation across regulated industries and authorities.
 author: rwestMSFT
 ms.author: randolphwest
 ms.reviewer: dianas
-ms.date: 08/26/2025
+ms.date: 01/22/2026
 ms.service: sql
 ms.subservice: configuration
 ms.topic: how-to
@@ -17,44 +17,68 @@ helpviewer_keywords:
   - "RIP (Residual Information Protection)"
 ---
 
-# Enable common criteria compliance configuration
+# Server configuration: common criteria compliance enabled
 
 [!INCLUDE [SQL Server](../../includes/applies-to-version/sqlserver.md)]
 
+Common Criteria Certification (CCC) is an international program used to confirm that an IT product meets defined security requirements.
+
+Use the `common criteria compliance enabled` server configuration option to help SQL Server meet Common Criteria security requirements. This configuration option helps you comply with Common Criteria evaluation assurance level 2 (EAL2) or 4+ (EAL4+).
+
+## Common Criteria requirements
+
 The `common criteria compliance enabled` configuration setting aligns with the following elements as required for the [Common Criteria for Information Technology Security Evaluation](https://www.commoncriteriaportal.org).
 
-| Criteria | Description |
-| --- | --- |
-| Residual Information Protection (RIP) | RIP requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs. |
-| The ability to view login statistics | Login auditing is enabled after the common criteria compliance option is enabled.<br /><br />Login times that are made available on a per-session basis each time a user successfully logs in to SQL Server:<br /><br />- Information about the last successful login time<br />- The last unsuccessful login time<br />- The number of attempts between the last successful login and the current login<br /><br />To view these login statistics, query [sys.dm_exec_sessions](../../relational-databases/system-dynamic-management-views/sys-dm-exec-sessions-transact-sql.md). |
-| That column `GRANT` shouldn't override table `DENY` | After the common criteria compliance enabled option is enabled, a table-level `DENY` takes precedence over a column-level `GRANT`. When the option isn't enabled, a column-level `GRANT` takes precedence over a table-level `DENY`. |
+### Residual Information Protection
 
-Common criteria compliance is only evaluated and certified for Enterprise Edition.
+Residual Information Protection requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the Residual Information Protection standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the `common criteria compliance enabled` option is enabled, the overwriting occurs.
 
-The `common criteria compliance enabled` setting is an advanced option. To view the setting, enable [show advanced options](show-advanced-options-server-configuration-option.md).
+### The ability to view login statistics
+
+Login auditing is enabled after the `common criteria compliance enabled` option is enabled.
+
+Login times that are made available on a per-session basis each time a user successfully logs in to SQL Server:
+
+- Information about the last successful login time
+- The last unsuccessful login time
+- The number of attempts between the last successful login and the current login
+
+To view these login statistics, query [sys.dm_exec_sessions](../../relational-databases/system-dynamic-management-views/sys-dm-exec-sessions-transact-sql.md).
+
+### Column `GRANT` shouldn't override table `DENY`
+
+After you enable the `common criteria compliance enabled` configuration option, a table-level `DENY` takes precedence over a column-level `GRANT`. If this configuration option isn't enabled, a column-level `GRANT` takes precedence over a table-level `DENY`.
+
+## Common Criteria certification
 
-For the latest status of Common Criteria certification, download and review the [Common Criteria for SQL Server Datasheet](https://go.microsoft.com/fwlink/?LinkId=616319). The datasheet links to the latest scripts to finish configuration. The scripts are required to comply with Common Criteria evaluation assurance level 2 (EAL2) and 4+ (EAL4+). The scripts create triggers. These triggers are required to configure a Common Criteria compliant instance. There are specific scripts for Windows and Linux. The datasheet also instructs how to verify the scripts before you run them.
+For the latest status of Common Criteria certification, download and review the [Common Criteria for SQL Server Datasheet](https://go.microsoft.com/fwlink/?LinkId=616319). The datasheet links to the latest scripts to finish configuration. The scripts are required to comply with Common Criteria evaluation assurance level 2 (EAL2) and 4+ (EAL4+).
+
+The scripts create triggers. These triggers are required to configure a Common Criteria compliant instance. There are specific scripts for Windows and Linux. The datasheet also instructs how to verify the scripts before you run them.
 
 To comply with Common Criteria evaluation assurance level EAL2 and EAL4+:
 
 1. Enable `show advanced options`.
 1. Enable compliance with `sp_configure` as demonstrated in [Examples](#examples).
 1. Install common criteria triggers.
 
+## Remarks
+
+Common Criteria compliance is only evaluated and certified for [!INCLUDE [ssenterprise-md](../../includes/ssenterprise-md.md)].
+
+The `common criteria compliance enabled` setting is an advanced option. To view the setting, enable [show advanced options](show-advanced-options-server-configuration-option.md).
+
+When you enable the `common criteria compliance enabled` configuration option, you might notice a degradation in [!INCLUDE [ssnoversion-md](../../includes/ssnoversion-md.md)] performance. For more information, see [Performance degradation in SQL Server with common criteria compliance enabled](/troubleshoot/sql/database-engine/performance/performance-degradation-ccc-enabled).
+
 ## Examples
 
-The following example enables common criteria compliance.
+The following example enables Common Criteria compliance.
 
 ```sql
 EXECUTE sp_configure 'show advanced options', 1;
-GO
-
 RECONFIGURE;
 GO
 
 EXECUTE sp_configure 'common criteria compliance enabled', 1;
-GO
-
 RECONFIGURE WITH OVERRIDE;
 GO
 ```

docs/database-engine/configure-windows/common-criteria-compliance-enabled-server-configuration-option.md

@@ -7,7 +7,7 @@ ms.reviewer: maghan
 ms.date: 01/06/2025
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-db-log-info-transact-sql.md

@@ -6,7 +6,7 @@ ms.author: randolphwest
 ms.date: 09/07/2025
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-db-log-space-usage-transact-sql.md

@@ -7,7 +7,7 @@ ms.reviewer: randolphwest
 ms.date: "06/19/2023"
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-db-page-info-transact-sql.md

@@ -6,7 +6,7 @@ ms.author: randolphwest
 ms.date: 09/07/2025
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-db-stats-histogram-transact-sql.md

@@ -6,7 +6,7 @@ ms.author: randolphwest
 ms.date: "06/19/2023"
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-exec-function-stats-transact-sql.md

@@ -6,7 +6,7 @@ ms.author: randolphwest
 ms.date: 09/07/2025
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-exec-query-plan-stats-transact-sql.md

@@ -6,7 +6,7 @@ ms.author: randolphwest
 ms.date: 03/31/2025
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords:

docs/relational-databases/system-dynamic-management-views/sys-dm-exec-query-statistics-xml-transact-sql.md

@@ -6,7 +6,7 @@ ms.author: randolphwest
 ms.date: "11/17/2016"
 ms.service: sql
 ms.subservice: system-objects
-ms.topic: conceptual
+ms.topic: reference
 ms.custom:
   - ignite-2025
 f1_keywords: