Review system documentation to determine if Common Criteria Compliance is not required due to potential impact on system performance. SQL Server Residual Information Protection (RIP) requires a memory allocation to be overwritten with a known pattern of bits before memory is reallocated to a new resource. Meeting the RIP standard can contribute to improved security; however, overwriting the memory allocation can slow performance. After the common criteria compliance enabled option is enabled, the overwriting occurs. Review the Instance configuration: SELECT value_in_use FROM sys.configurations WHERE name = 'common criteria compliance enabled' If "value_in_use" is set to "1" this is not a finding. If "value_in_use" is set to "0" this is a finding. NOTE: Enabling this feature may impact performance on highly active SQL Server instances. If an exception justifying setting SQL Server Residual Information Protection (RIP) to disabled (value_in_use set to "0") has been documented and approved, then this may be downgraded to a CAT III finding.