Does SQL Server support PCI Compliance Standards features including periodic changing of keys, destruction of old keys, split knowledge and establishment of dual control of keys, and prevention of unauthorized substitution of keys?
SQL Server 2008 has the encryption key management features you're looking for…
SQL Server 2008 Extensible Key Management enables the encryption keys that protect the database files to be stored in an off-box device such as a smartcard, USB device, or EKM/HSM module. This also enables data protection from database administrators (except members of the sysadmin group). Data can be encrypted by using encryption keys that only the database user has access to on the external EKM/HSM module.
Extensible Key Management also provides the following benefits:
* Additional authorization check (enabling separation of duties).
* Higher performance for hardware-based encryption/decryption.
* External encryption key generation.
* External encryption key storage (physical separation of data and keys).
* Encryption key retrieval.
* External encryption key retention (enables encryption key rotation).
* Easier encryption key recovery.
* Manageable encryption key distribution.
* Secure encryption key disposal.
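The T-SQL below is an added example (not from the original answer or from Microsoft's documentation) showing how the benefits listed above map onto concrete statements: registering an EKM provider, binding the HSM credential to a login so that only that login can use the key, protecting a database with TDE under an HSM-held key, and rotating the key later. The provider DLL path, provider and key names, the `Sales` database, the login name and the credential identity/secret are all placeholders that would be replaced with the values issued by the HSM vendor.

```sql
-- 1. Allow the instance to load EKM providers (advanced option, off by default).
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'EKM provider enabled', 1;
RECONFIGURE;

-- 2. Register the vendor's EKM/HSM provider library (path is a placeholder).
CREATE CRYPTOGRAPHIC PROVIDER HsmProvider
    FROM FILE = 'C:\Program Files\HsmVendor\EkmProvider.dll';

-- 3. A credential holds the HSM identity and PIN; mapping it to a login is
--    what gives that login, and nobody else, the right to use HSM keys.
--    (Separation of duties: the DBA does not hold the HSM PIN.)
CREATE CREDENTIAL HsmOperatorCred
    WITH IDENTITY = 'hsm_operator', SECRET = 'hsm-pin-placeholder'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
ALTER LOGIN [CORP\KeyCustodian] ADD CREDENTIAL HsmOperatorCred;

-- 4. Generate the asymmetric key ON the HSM; SQL Server only keeps a
--    reference to it (physical separation of data and keys).
USE master;
CREATE ASYMMETRIC KEY TdeKey_2024
    FROM PROVIDER HsmProvider
    WITH PROVIDER_KEY_NAME = 'sales_tde_2024',
         CREATION_DISPOSITION = CREATE_NEW;

-- 5. The engine needs its own identity to reach the HSM at startup/recovery:
--    a login derived from the key, with an HSM credential attached.
CREATE LOGIN TdeKeyLogin FROM ASYMMETRIC KEY TdeKey_2024;
CREATE CREDENTIAL TdeEngineCred
    WITH IDENTITY = 'hsm_engine', SECRET = 'hsm-pin-placeholder'
    FOR CRYPTOGRAPHIC PROVIDER HsmProvider;
ALTER LOGIN TdeKeyLogin ADD CREDENTIAL TdeEngineCred;

-- 6. Protect the database files: the DEK is wrapped by the HSM-resident key.
USE Sales;
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeKey_2024;
ALTER DATABASE Sales SET ENCRYPTION ON;

-- 7. Periodic key rotation: create the next key on the HSM, re-wrap the DEK
--    with it, and (optionally) regenerate the DEK itself.
USE master;
CREATE ASYMMETRIC KEY TdeKey_2025
    FROM PROVIDER HsmProvider
    WITH PROVIDER_KEY_NAME = 'sales_tde_2025',
         CREATION_DISPOSITION = CREATE_NEW;
USE Sales;
ALTER DATABASE ENCRYPTION KEY
    ENCRYPTION BY SERVER ASYMMETRIC KEY TdeKey_2025;
ALTER DATABASE ENCRYPTION KEY REGENERATE WITH ALGORITHM = AES_256;

-- 8. Verify the rotation took effect before retiring the old key reference.
--    encryption_state 3 = encrypted.
SELECT DB_NAME(database_id) AS db, encryption_state, key_algorithm, key_length
FROM sys.dm_database_encryption_keys;

-- 9. Retire the old key reference in SQL Server. Note: DROP only removes the
--    server-side reference; destruction of the key material itself is done
--    on the HSM by the key custodian, which is where the "secure disposal"
--    control actually lives.
USE master;
DROP ASYMMETRIC KEY TdeKey_2024;
```

The point of steps 3 and 5 is that two different credentials exist: one for a human key custodian and one for the engine. A DBA who is not the key custodian can administer the instance without ever holding the HSM PIN, which is how the "protection from database administrators" claim above is realised in practice; members of `sysadmin` can still add credentials to logins, so that role must be restricted separately.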
See the full article