IR-9(4)—Exposure To Unauthorized Personnel
>Control Description
Employ the following controls for personnel exposed to information not within assigned access authorizations: [Assignment: organization-defined controls].
>Supplemental Guidance
Controls include ensuring that personnel who are exposed to spilled information are made aware of the laws, executive orders, directives, regulations, policies, standards, and guidelines regarding the information and the restrictions imposed based on exposure to such information.