1. F6: Special Collection Service HQ (Beltsville, MD) — Joint CIA/NSA field collection agency operating from embassies and other denied locations. Director reports to DIRNSA
2. SCI COMPARTMENTS
2.1. SI or COMINT -- denotes sensitive SiGINT, DNI and cyber sources and methods
2.2. ECI -- protects NSA relationships with other government agencies and private companies.
2.2.1. ECI-FGT --> SCS Product
2.2.2. ECI-AMB Ambulate
2.2.3. ECI-PIQ Picaresque
2.2.4. ECI compartments include PIEDMONT, PENDLETON, PITCHFORK, PAWLEYS, AUNTIE, PAINTEDEAGLE
2.3. VRK -- exceptionally sensitive sources of national and strategic importance
2.4. RAGTIME -- protects "product " gathered from FISA intercepts
3. Large domestic operating field sites
3.1. Columbia, MD
3.2. Friendship Annex, Linthicum, MD
3.3. Finksberg, MD
3.4. Bowie, MD
3.5. College Park, MD
3.6. Ft. Belvoir, VA
3.7. Fairfax, VA
3.8. Washington, DC
3.9. Ft. Detrick (Site R)
3.10. Camp Williams, UT
3.11. NSA Georgia (Ft. Gordon)
3.12. NSA Texas (Lackland AFB, San Antonio)
3.13. Greenville, TX
3.14. NSA Hawaii (Kunia)
3.15. NSA Denver (Aurora), co-located with CIA's National Resources Division
3.16. NSA Oak Ridge (Tennessee)
3.17. Yakima, WA JACKNIFE
3.18. Winter Harbor, ME
3.19. Formerly: Sugar Grove, WV, Rosman, NC TIMBERLINE
3.20. NSA Continuity of Government site
3.21. NSA CMOC -- Cheyenne Mounfain
4. Main Databases and SIGINT architecture
4.1. Aquador — Merchant ship tracking tool
4.2. NUCLEON — Global telephone content database
4.3. AIRGAP — Priority missions tool used to determine SIGINT gaps
4.4. HOMEBASE — A tactical tasking tool for digital network identification
4.5. SNORT — Repository of computer network attack techniques/coding
4.5.1. SHARKFIN tool
4.6. WIRESHARK — Repository of malicious network signatures
4.7. TRAFFICTHIEF — Raw SIGINT viewer for data analysis
4.8. TWISTEDPATH
4.9. BANYAN — NSA tactical geospatial correlation database
4.10. MESSIAH/WHAMI — ELINT processing and analytical database
4.11. MAINWAY — Telephony metadata collection database
4.12. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool
4.13. AGILITY
4.14. MARINA — Internet metadata collection database
4.15. ASSOCIATION — Tactical SIGINT social network database
4.16. CREEK
4.17. SPITGLASS
4.18. FASCIA
4.19. PROTON — SIGINT database for database for time-sensitive targets/counterintelligence
4.19.1. Criss-Cross tool
4.20. PINWALE — SIGINT content database
4.21. TOYGRIPPE
4.22. SURREY
4.23. OCTAVE/CONTRAOCTIVE — Collection mission tasking tool -- where "selectors" live
4.24. CONVEYENCE DNI content database
4.25. ANCHORY — Main repository of finished NSA SIGINT reports (associated with MAUI)
4.26. WRANGLER — Electronic Intelligence intercept raw database
4.27. JOLLYROGER
4.28. CADENCE
4.29. GLOBALREACH
4.30. Analytical Systems
4.30.1. Unified Targeting Tool
4.30.2. CHALKFUN
4.30.3. SPYDER
4.30.4. TRANSx
4.31. TRACFIN
4.32. TUNINGFORK
4.33. FASTSCOPE
4.34. CYBER / TAO Tools
4.34.1. EMBRACEFLINT
4.34.2. BROKENTIGO
4.35. CASPORT -- main NSA corporate / access identification tool used to control product dissemination
4.36. DISHFIRE -- Associational and relational database for political and strategic intelligence by key selectors
4.37. YELLOWSTONE
4.38. CULTWEAVE Priority SIGINT Database
4.39. Broom Stick
4.40. MASTERSHAPE
4.41. AGILITY - Database of foreign intelligence selectors
4.42. TURMOIL -- fiber switch collection database
4.43. Transit Switch / Hub Collection and Processing Tools
4.43.1. WINDSTOP
4.43.2. MYSTIC
4.43.3. RAM-A,IX,T,M
4.43.4. DGO
4.44. Reporting tools
4.44.1. CPE
4.44.2. Voice master
4.44.3. Center mass
4.44.4. Gist Queue
4.44.5. Taperlay
5. NSA Field Stations — Remote collection and analytical facilities
5.1. F7: Meade Operations Center — 24/7 SIGINT support to deployed military units
5.2. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program
6. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges
6.1. Office of Export Control Policy
7. NSA Acquisitions and Procurement Directorate
7.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG
7.1.1. VOXGLO -- major cyber and enterprising computing project
7.2. Advanced Analytical Laboratory
7.3. Corporate Assessments Offices
7.4. Rebuilding Analysis Program Office
7.5. Knowledge System Prototype Program Office
7.6. Maryland Procurement Office
7.6.1. Acquisitions Program Manager for Signals Intelligence
7.6.2. Acquisitions Program Manager for Research
7.7. Acquisition Logistics Integrated Product Team
8. Information Assurance Directorate
8.1. IC: Cyber Integration Division
8.2. IE: Engagement Division
8.2.1. Client Engagement and Community Outreach Group
8.2.2. Interagency Operations Security Support Staff (OPSEC)
8.3. I2: Trusted Engineering Solutions
8.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons
8.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment
8.4. I3: Information Operations
8.4.1. Mission Integration Office
8.4.2. Technical Security Evaluations
8.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks
8.4.4. Blue Cell — Conducts audits of U.S. government networks
8.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations
8.4.6. Joint Communications Security Monitoring Agency
8.5. I4: Fusion, Analysis, Mitigation
9. Research Directorate
9.1. R1: Math
9.2. R2: Trusted Systems
9.3. R3: LPS — Physical science lab
9.4. R4: LTS — Telecom science lab ( high-speed networks, wireless communications, and quantum key distribution)
9.5. R05: Center for the Advanced Study of Language
9.6. R6: Computer and Information Science
9.7. RX: Special Access Programs/Compartmented Research
10. Signals Intelligence Directorate
10.1. S1: Customer Relations
10.1.1. A&R Watch (K Watch Ops) 199
10.1.2. S11: Customer Gateway
10.1.3. S12: Information Sharing and Services Branch
10.1.4. S124: Staff Services Division
10.2. S2: Analysis and Production
10.2.1. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing
10.2.2. NSA Product Lines
10.2.2.1. S2A: South Asia
10.2.2.1.1. S25A51 -- South Asian Language Analysis Branch
10.2.2.1.2. S25A52 -- South Asian Reporting Branch
10.2.2.2. S2B: China and Korea
10.2.2.3. S2C: International Security
10.2.2.3.1. S2C42 -- Western Europe and Strategic Partnership Division
10.2.2.3.2. S2C41 Mexico Team
10.2.2.4. S2D: Counter-foreign intelligence
10.2.2.5. S2E: Middle East/Asian
10.2.2.6. S2F: International Crime
10.2.2.7. S2G: Counterproliferation
10.2.2.8. S2H: Russia
10.2.2.9. S2I: Counterterrorism
10.2.2.9.1. S2IX: Special Counterterrorism Operations
10.2.2.9.2. S2I42 -- Hezbollah Team
10.2.2.9.3. S2I43 -- NOM Team
10.2.2.9.4. S2I5 -- AAP (PSP analytical unit)
10.2.2.10. S2J: Weapons and Space
10.2.2.11. S2T: Current Threats
10.2.2.12. S2T3: NSA/CSS Threat Operations Center
10.2.2.13. S2X: ??
10.2.2.14. Each production line has a language analysis branch, a reporting branch, a compliance branch, a technical branch, and a customer services branch
10.3. S3: Data Acquisition
10.3.1. S31: Cryptologic Exploitation Services
10.3.1.1. Signals and Surveys Analysis Division
10.3.1.1.1. Technical Exploitation Center
10.3.1.1.2. Project BULLRUN
10.3.1.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases
10.3.1.3. Target Office of Primary Interest
10.3.1.4. S31174 Office of Target Pursuit
10.3.2. S32: Tailored Access Operations
10.3.2.1. Network Warfare Team — Liaison with military
10.3.2.2. S321: Remote Operations Center
10.3.2.2.1. Network Ops Center
10.3.2.2.2. Operational Readiness
10.3.2.2.3. Interactive Operations Division
10.3.2.2.4. Production Operations Division
10.3.2.2.5. Access Operations Division — Works with CIA's Technology Management Office to break into hard-to-reach networks
10.3.2.3. S323: Data Network Technologies (researches how to penetrate secure networks)
10.3.2.4. FG3223: Media Exploitation and Analysis
10.3.2.5. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks
10.3.2.6. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping
10.3.2.7. S327: Targeting and Requirements
10.3.2.8. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO
10.3.2.9. S32P. TAO Program Planning Integration
10.3.3. S33: Link Access // Global Access Operations
10.3.3.1. S332: Terrestrial SIGINT
10.3.3.2. S333: Overhead SIGINT
10.3.3.2.1. Overhead Collection Management Center
10.3.3.2.2. SSPO
10.3.3.3. S33P ISR Portfolio Management Office
10.3.3.3.1. S33P2 Technology Integration Division
10.3.3.3.2. S33P3 Tactical SIGINT Technology Office
10.3.3.3.3. AIRSTEED Program Office — Cell phone tracking
10.3.3.4. Community ELINT Management Office
10.3.3.5. OCEANSURF Program Office — $450m systems engineering hub
10.3.4. S34: Collection Strategies and Requirements Center
10.3.4.1. S342: Collection Coordination and Strategies
10.3.4.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements
10.3.4.3. S344: Partnership and Enterprise Management
10.3.5. S35 Special Source Operations
10.3.5.1. Program Offices
10.3.5.1.1. 35333: PRISM Program Office
10.3.5.1.2. CHASEFALCON — Unknown major program office
10.3.5.1.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool
10.3.5.1.4. OCELOT (FORNSAT)
10.3.5.1.5. Crosshair Net Management Center/Crosshair Support Center — Directing finding
10.3.5.1.6. Radio Frequency Targeted Operations Office
10.3.5.1.7. VOXGLO — Unknown major program office
10.3.5.1.8. V34 -- Next Generation Wireless (NGW) exploitation program
10.3.5.1.9. Corporate Partner Access PMO
10.4. SV -- Signals Intelligence Directorate Oversight and Compliance
10.4.1. SV4 FISA Compliance and Processing
10.5. SSG -- SIGDEV Strategy and Governance
11. T: Technical Directorate
11.1. TE: Enterprise Systems Engineering and Architecture
11.2. TS: Information Systems and Security
11.2.1. Public Key Infrastructure (PKI) Program Management Office (PMO)
11.3. TT: Independent Test and Evaluation
11.4. T1: Mission Capabilities
11.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested
11.4.2. Strategic SATCOM Security Engineering Office
11.5. T2: Business Capabilities
11.6. T3: Enterprise IT Services
11.6.1. T3221: Transport Field Services
11.6.2. T334: National Signals Processing Center
11.6.3. T335: Deployable Communications Operations
11.7. T5: CARILLION — High performance computing center
11.8. T6: Technical SIGINT and Ground Capabilities
11.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems
12. Information Technology Infrastructure Services (ITIS) System Office
13. L: Installation and Logistics
14. M: Human Resources — Q: Security and Counterintelligence
14.1. Q2: Office of Military Personnel
14.2. Q3: Office of Civilian Personnel
14.3. QJ1: HR operations/global personnel SA
14.4. Q43: Information Policy Division
14.5. Q5: Office of Security
14.6. Q509: Security Policy Staff
14.7. Q51: Physical Security Division
14.8. Q52: Field Security Division
14.9. Q55: NSA CCAO
14.10. Q56: Security Awareness
14.11. Q57: Polygraph
14.12. Q7: Counterintelligence
15. Cross-functional units // co-located with SID S2 Production Lines
15.1. National Security Operations Center — Main NSA intelligence watch facility
15.1.1. DECKPIN — NSA crisis cell activated during emergencies
15.1.2. CMM — Cryptologic Management Mission program office
15.2. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers
15.3. DEFSMAC: Defense Special Missile and Aerospace Center
15.4. NSA/CSS Commercial Solutions Center
15.5. NSA/CSS Threat Operations Center — Main cyber watch center
15.5.1. Office of Analysis
15.6. Unified Cryptologic Architecture Office
15.6.1. Integration
15.6.2. Systems Engineering/Architecture Analyses and Issues
15.6.3. Architecture
15.6.4. Process
15.6.5. Planning and Financial Management
15.7. Plans and Exercise Office
15.7.1. NSA Continuity Programs Office
15.7.2. Military Exercise Office
15.7.3. Continuity Engineering Office