1) C2 Audit compliance: It's a US standard of compliance, and is quite strict in terms of its requirements. Everything that is executed on SQL Server is audited and written down to a trace file. And the not so pleasant part is, for whatsoever reason if SQL Server is not able to write to a trace, SQL Server service would be stopped. Once this auditing standard is enabled, the trace recording gets triggered and the file is saved in default directory. It can be enabled just by using sp_configure stored procedure.
2) Common Criteria compliance: This is an European standard of compliance and is considered to be a superset of C2 audit compliance. It is more flexible or I should use the word more free form in terms of the requirements it lays down for its compliance. A very nice article on this compliance can be found on SSQA.net.
3) PCI compliance: PCI is carried out on projects in almost any CMM level 5 organisation that practices Quality Assurance on projects genuinely. SQL Server has support for this too. A nice webcast and whitepaper on the same are available that guides how and what of PCI compliance with SQL Server 2008.
Those who need more information on compliance can download the SQL Server 2008 Compliance Guide for detailed information.