SQL Server databases that hold regulated data usually have to satisfy HIPAA, SOX and PCI DSS. HIPAA and SOX are US federal law; PCI DSS is an industry standard that the card brands enforce by contract through the PCI Security Standards Council, not a government rule, but the penalties for failing it are real. The following are basic guidelines a DBA should consider in any environment.
HIPAA: if you copy production data containing protected health information to a dev box and do not mask it, the copy is still PHI, and you need either a documented exception or a dev environment that meets the same safeguards as production. Masking (or de-identifying) the copy is almost always the cheaper route; do it before anyone is given access, and remove the unmasked backup file from the dev box afterwards.
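The masking step described above, written out as an added example (this is not code from the original page). It targets a hypothetical dbo.Patient table in a database assumed to be named PatientDB_Dev; the table, column and database names are assumptions for illustration. It refuses to run anywhere that does not look like a dev copy, replaces the direct identifiers with values that are obviously synthetic, and rolls back if anything real-looking survives:

```sql
-- Added example, not from the original page: irreversibly mask direct identifiers on a
-- DEVELOPMENT copy of a hypothetical dbo.Patient table (all names are assumptions).
-- Run this on the restored dev copy only, never on production.
USE PatientDB_Dev;
GO

-- Guard: refuse to run unless the current database is named like a dev copy.
DECLARE @db sysname = DB_NAME();
IF @db NOT LIKE '%[_]Dev'
BEGIN
    RAISERROR('Refusing to mask: database %s is not a dev copy.', 16, 1, @db);
    RETURN;
END;

BEGIN TRANSACTION;

UPDATE dbo.Patient
SET FullName      = 'Patient ' + CAST(PatientID AS varchar(11)),
    -- 000-00-nnnn is never a valid SSN, so masked values are obviously synthetic.
    -- Modulo before ABS avoids the integer overflow ABS(CHECKSUM(...)) can hit.
    SSN           = '000-00-' + RIGHT('0000' + CAST(ABS(CHECKSUM(NEWID()) % 10000) AS varchar(4)), 4),
    -- HIPAA Safe Harbor: keep only the year of birth; ages over 89 collapse to one category.
    DateOfBirth   = CASE WHEN DATEDIFF(YEAR, DateOfBirth, GETDATE()) > 89 THEN NULL
                         ELSE DATEADD(DAY, 1 - DATEPART(DAYOFYEAR, DateOfBirth), DateOfBirth) END,
    Email         = 'patient' + CAST(PatientID AS varchar(11)) + '@example.invalid',
    Phone         = NULL,
    StreetAddress = NULL;
-- Diagnosis and other clinical columns are left intact: without the identifiers they are
-- still useful test data and no longer point at a person.

-- Verify before committing: any row still carrying a real-looking identifier rolls everything back.
IF EXISTS (SELECT 1
           FROM dbo.Patient
           WHERE SSN NOT LIKE '000-00-[0-9][0-9][0-9][0-9]'
              OR Email NOT LIKE '%@example.invalid'
              OR DATEPART(DAYOFYEAR, DateOfBirth) <> 1
              OR Phone IS NOT NULL)
BEGIN
    ROLLBACK TRANSACTION;
    RAISERROR('Masking incomplete, rolled back.', 16, 1);
    RETURN;
END;

COMMIT TRANSACTION;
GO
```

Two caveats a practitioner will want: the pre-update row images still sit in the transaction log (and possibly on freed pages) after the commit, so take a fresh full backup of the masked copy and discard the production backup file it was restored from; and if the dev copy needs referential consistency across tables (the same person appearing in dbo.Patient and dbo.Visit, say), drive the synthetic values from the key column as done here for name and e-mail, not from NEWID().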
SOX: lock down the production database and minimize direct changes to it; changes should arrive through a controlled release process with separation of duties. If developers can update production data or schema, your change controls are not worth much, so check who actually holds write permissions today rather than who is supposed to: accumulated grants, role memberships and Windows group nesting are where auditors find the surprises.
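One way to run the check the SOX paragraph asks for, added here as an example (not code from the original page): three queries that list who can write to, or change the structure of, a production database. ProductionDB is an assumed name. Run them as a login that can read the catalog views, and compare the output against your approved access list:

```sql
-- Added example, not from the original page: who can modify production?
-- ProductionDB is an assumed database name.
USE ProductionDB;
GO

-- 1. Fixed database roles that allow data or schema changes, and their members.
SELECT r.name AS role_name,
       m.name AS member_name,
       m.type_desc
FROM sys.database_role_members rm
JOIN sys.database_principals r ON r.principal_id = rm.role_principal_id
JOIN sys.database_principals m ON m.principal_id = rm.member_principal_id
WHERE r.name IN ('db_owner', 'db_datawriter', 'db_ddladmin',
                 'db_securityadmin', 'db_accessadmin')
ORDER BY r.name, m.name;

-- 2. Explicit GRANTs of write/alter rights on the database, a schema, or an object.
--    EXECUTE is included because a stored procedure is just another way to write.
SELECT p.name AS grantee,
       p.type_desc,
       dp.class_desc,
       CASE dp.class
           WHEN 0 THEN DB_NAME()                                  -- whole database
           WHEN 1 THEN OBJECT_SCHEMA_NAME(dp.major_id) + '.'
                       + OBJECT_NAME(dp.major_id)                 -- table, view, procedure
           WHEN 3 THEN SCHEMA_NAME(dp.major_id)                   -- schema
           ELSE dp.class_desc
       END AS securable,
       dp.permission_name,
       dp.state_desc
FROM sys.database_permissions dp
JOIN sys.database_principals p ON p.principal_id = dp.grantee_principal_id
WHERE dp.state IN ('G', 'W')          -- GRANT, or GRANT WITH GRANT OPTION
  AND dp.permission_name IN ('INSERT', 'UPDATE', 'DELETE', 'ALTER', 'CONTROL',
                             'ALTER ANY SCHEMA', 'CREATE TABLE', 'CREATE PROCEDURE',
                             'EXECUTE')
ORDER BY grantee, securable, dp.permission_name;

-- 3. Server level: members of sysadmin bypass every database permission, and
--    securityadmin can grant themselves whatever they like.
SELECT sp.name AS login_name,
       sp.type_desc,
       r.name  AS server_role
FROM sys.server_role_members srm
JOIN sys.server_principals r  ON r.principal_id  = srm.role_principal_id
JOIN sys.server_principals sp ON sp.principal_id = srm.member_principal_id
WHERE r.name IN ('sysadmin', 'securityadmin', 'serveradmin')
ORDER BY r.name, sp.name;
```

The catalog views do not expand Windows groups: a row showing DOMAIN\Developers in db_owner tells you the group has the right, not who is in it, so resolve group membership in Active Directory as a separate step. Permissions inherited through ownership chaining or through a login that owns the database (the dbo user) also will not appear as explicit grants, which is why query 1 and query 3 are needed alongside query 2.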
PCI DSS: cardholder data must be protected at rest and in transit. Transparent Data Encryption, introduced in SQL Server 2008 (Enterprise edition), encrypts the data files, log files and backups without application changes, and is the simplest way to cover the database files at rest; use TLS (SSL, in older terminology) for the encryption layer on the wire between clients and the server. TDE is transparent to anyone with SELECT permission, so it does not by itself render the primary account number unreadable to database users, and sensitive authentication data such as the card verification code may not be stored at all after authorization. Treat TDE as the floor, not the whole control.
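Enabling TDE on a database and then checking both halves of the requirement (files encrypted at rest, connections encrypted on the wire), as an added example that is not from the original page. CardDB, the certificate name and the file paths are assumptions; the two passwords are placeholders that should come from a vault, not a script in source control:

```sql
-- Added example, not from the original page: TDE on a hypothetical CardDB, plus
-- verification. Database, certificate and path names are assumptions.
USE master;
GO
-- The database master key in master protects the certificate's private key.
CREATE MASTER KEY ENCRYPTION BY PASSWORD = '<strong password from the vault>';
GO
CREATE CERTIFICATE TDE_Cert_CardDB WITH SUBJECT = 'TDE certificate for CardDB';
GO
-- Back up the certificate AND its private key immediately and store them off this server.
-- Without them, no backup of CardDB can ever be restored anywhere else.
BACKUP CERTIFICATE TDE_Cert_CardDB
    TO FILE = 'D:\KeyBackups\TDE_Cert_CardDB.cer'
    WITH PRIVATE KEY (FILE = 'D:\KeyBackups\TDE_Cert_CardDB.pvk',
                      ENCRYPTION BY PASSWORD = '<second strong password from the vault>');
GO

USE CardDB;
GO
-- The database encryption key is what actually encrypts the pages; the certificate wraps it.
CREATE DATABASE ENCRYPTION KEY
    WITH ALGORITHM = AES_256
    ENCRYPTION BY SERVER CERTIFICATE TDE_Cert_CardDB;
GO
ALTER DATABASE CardDB SET ENCRYPTION ON;
GO

-- Verify at rest: encryption_state 3 = encrypted, 2 = encryption in progress.
-- tempdb shows up too, because it is encrypted automatically once any user database is.
SELECT DB_NAME(k.database_id) AS database_name,
       k.encryption_state,
       k.percent_complete,
       k.key_algorithm,
       k.key_length
FROM sys.dm_database_encryption_keys k;

-- Verify in transit: "Force Encryption = Yes" plus a server certificate is set in
-- SQL Server Configuration Manager, not T-SQL, so confirm from the server side that
-- no session is actually arriving in the clear. Any rows returned are a finding.
SELECT c.session_id,
       c.encrypt_option,
       c.client_net_address,
       s.login_name,
       s.program_name
FROM sys.dm_exec_connections c
JOIN sys.dm_exec_sessions s ON s.session_id = c.session_id
WHERE c.encrypt_option = 'FALSE';
```

The certificate backup produced by BACKUP CERTIFICATE is the single point of failure for every encrypted backup you take from now on; it belongs in the same key-management process PCI DSS already requires for cryptographic keys, with restricted access and a tested restore. Also remember that once TDE is on, backup compression gains very little, so re-check backup windows and storage estimates.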
Auditing generally carries a lot of overhead. If you must enable it, audit only the actions the control actually requires, make sure the server has enough disk for the audit logs (and a decision about what happens when that disk fills), and enough CPU and memory to handle the extra work.
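A bounded SQL Server Audit configuration that follows the advice above, added here as an example (not from the original page): a server audit capped at a known disk footprint, a database audit specification that records access to one sensitive table and security changes rather than every statement, and the queries used to watch the log and its growth. CardDB, dbo.CardHolder and the audit path are assumptions:

```sql
-- Added example, not from the original page: a sized, scoped SQL Server Audit.
-- CardDB, dbo.CardHolder and E:\SQLAudit\ are assumptions.
USE master;
GO
-- Write to a dedicated volume and cap the footprint: 20 files x 256 MB = 5 GB at most.
-- ON_FAILURE = CONTINUE keeps the instance up if the volume fills; regimes that treat
-- lost audit records as unacceptable use SHUTDOWN instead, so size the disk accordingly.
CREATE SERVER AUDIT Audit_CardDB
    TO FILE (FILEPATH = 'E:\SQLAudit\',
             MAXSIZE = 256 MB,
             MAX_ROLLOVER_FILES = 20,
             RESERVE_DISK_SPACE = OFF)
    WITH (QUEUE_DELAY = 1000,          -- buffer writes asynchronously, in milliseconds
          ON_FAILURE = CONTINUE);
GO
ALTER SERVER AUDIT Audit_CardDB WITH (STATE = ON);
GO

USE CardDB;
GO
-- Audit what the control requires and no more: who read or changed the cardholder table,
-- plus schema, permission and role-membership changes. Auditing every SELECT in the
-- database is what produces the overhead the text warns about.
CREATE DATABASE AUDIT SPECIFICATION AuditSpec_CardDB
    FOR SERVER AUDIT Audit_CardDB
    ADD (SELECT, INSERT, UPDATE, DELETE ON OBJECT::dbo.CardHolder BY public),
    ADD (SCHEMA_OBJECT_CHANGE_GROUP),
    ADD (DATABASE_PERMISSION_CHANGE_GROUP),
    ADD (DATABASE_ROLE_MEMBER_CHANGE_GROUP)
    WITH (STATE = ON);
GO

-- Is the audit actually running, and how big is the current file?
SELECT name, status_desc, audit_file_path, audit_file_size
FROM sys.dm_server_audit_status;

-- Read the records. Run this after a representative day in a test environment to
-- measure growth before committing disk in production.
SELECT event_time,
       action_id,
       server_principal_name,
       database_name,
       object_name,
       succeeded,
       statement
FROM sys.fn_get_audit_file('E:\SQLAudit\Audit_CardDB*.sqlaudit', DEFAULT, DEFAULT)
ORDER BY event_time DESC;
```

Because the files roll over, records older than the twentieth file are gone unless something ships them elsewhere; if the retention requirement is longer than the disk allows, copy closed .sqlaudit files to a log server or load them into a separate database on a schedule, and protect that destination at least as well as the source, since audit logs about cardholder access are themselves evidence an auditor will ask for.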