Media Protection Policy and Procedures | MP-1

Media Protection Policy

MCC recognizes that media protection policies and procedures are vital to reducing information security risks.

Purpose

The Media Protection Policy and associated controls document the minimum standards required to protect the data stored or processed by MCC.

All information resources that process, store, transmit or otherwise impact the confidentiality, integrity or accessibility of MCC data must meet the Media Protection Policy and security controls.

Media includes both electronic media (e.g., hard drives, mobile devices including portable storage media such as USB memory sticks and portable computing and communications devices (e.g., laptop computers, tablets, smartphones, digital cameras, audio recording devices) and non-electronic media (e.g., paper).

Scope and Roles

This policy applies to information resources owned or managed by MCC. The intended audience includes all individuals involved in the handling of media that stores or processes data.

Compliance

Media Protection controls are implemented to ensure compliance with Texas Government Code 441.187 Destruction of State Records, Texas Administrative Code §6.95 Final Disposition of Electronic State Records, and the Texas Department of Information Resources (DIR) Security Control Standards Catalog as required by Title 1 Texas Administrative Code §202.76.

Implementation

• Information Resource Owners or their designees are responsible for documenting and disseminating procedures that address the Media Protection family of controls for the information resources under their control.
• The Cybersecurity Manager of their designee is responsible for ensuring that this policy and supporting procedures are periodically reviewed and updated. 

Last updated: 5/13/2026