Why we have an MP policy

The ISPG Policy team published the new Media Protection (MP) Handbook early in September 2024.

Media Protection exists to protect media within an organization, and the definition of media is fairly broad: all physical devices, writing surfaces, and communication channels that include storage capabilities. Whether the communication is digital or in print and on paper, the MP policy covers proper handling and governance.

The new handbook replaces Risk Management Handbook (RMH) Chapter 10: Media Protection.

What’s in the MP Handbook?

The handbook starts with an overview of Media Protection, defining the overall practice as well as the term “media.” It identifies the policies in NIST and elsewhere that the handbook addresses.

Most of the handbook goes in depth on the different elements of Media Protection:

• Media Access
• Media Marking
• Media Storage
• Media Transport
• Media Sanitization
• Media Use

The handbook also identifies where to get questions answered or help with creating your MP practice.

What should people do next?

Anyone who anyone who creates, stores, and uses media at CMS — that’s everyone — should read and follow the procedures and practices outlined in the MP Handbook.

Because this handbook replaces RMH Chapter 10: Media Protection, you should update any references or bookmarks that point to that resource.

Questions?

If you have questions, contact us:

• On CMS Slack in #ispg-sec_privacy-policy (login required)
• Via email at CISO@cms.hhs.gov

Tell us what you think

At ISPG, we want to provide everyone at CMS with helpful information about security and privacy requirements. Please take a moment to let us know how we’re doing.

Give feedback about the new MP Handbook here.