Employ the following controls for personnel exposed to information not within assigned access authorizations: [Assignment: organization-defined controls].