Thank you for your reply, Brenden. I checked these settings on QA and Production. They are identical, yet QA media library security is working. I'm unsure if changing this global setting will affect other parts of this particular site, so I will pass this piece on to my team.
Is there anything else we might have missed? My other thought was IIS settings, but I'm unable to check those at the moment. Thanks again!
Media Settings Screenshot