1. Main Databases and SIGINT architecture
1.1. Aquador — Merchant ship tracking tool
1.2. NUCLEON — Global telephone content database
1.3. AIRGAP — Priority missions tool used to determine SIGINT gaps
1.4. HOMEBASE — A tactical tasking tool for digital network identification
1.5. SNORT — Repository of computer network attack techniques/coding
1.5.1. SHARKFIN tool
1.6. WIRESHARK — Repository of malicious network signatures
1.7. TRAFFICTHIEF — Raw SIGINT viewer for data analysis
1.8. TWISTEDPATH
1.9. BANYAN — NSA tactical geospatial correlation database
1.10. MESSIAH/WHAMI — ELINT processing and analytical database
1.11. MAINWAY — Telephony metadata collection database
1.12. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool
1.13. AGILITY
1.14. MARINA — Internet metadata collection database
1.15. ASSOCIATION — Tactical SIGINT social network database
1.16. CREEK
1.17. SPITGLASS
1.18. FASCIA
1.19. PROTON — SIGINT database for database for time-sensitive targets/counterintelligence
1.19.1. Criss-Cross tool
1.20. PINWALE — SIGINT content database
1.21. TOYGRIPPE
1.22. SURREY
1.23. OCTAVE/CONTRAOCTIVE — Collection mission tasking tool -- where "selectors" live
1.24. CONVEYENCE DNI content database
1.25. ANCHORY — Main repository of finished NSA SIGINT reports (associated with MAUI)
1.26. WRANGLER — Electronic Intelligence intercept raw database
1.27. JOLLYROGER
1.28. CADENCE
1.29. GLOBALREACH
1.30. Analytical Systems
1.30.1. Unified Targeting Tool
1.30.2. CHALKFUN
1.30.3. SPYDER
1.30.4. TRANSx
1.31. TRACFIN
1.32. TUNINGFORK
1.33. FASTSCOPE
1.34. CYBER / TAO Tools
1.34.1. EMBRACEFLINT
1.34.2. BROKENTIGO
1.35. CASPORT -- main NSA corporate / access identification tool used to control product dissemination
1.36. DISHFIRE -- Associational and relational database for political and strategic intelligence by key selectors
1.37. YELLOWSTONE
1.38. CULTWEAVE Priority SIGINT Database
1.39. Broom Stick
1.40. MASTERSHAPE
1.41. AGILITY - Database of foreign intelligence selectors
1.42. TURMOIL -- fiber switch collection database
1.43. Transit Switch / Hub Collection and Processing Tools
1.43.1. WINDSTOP
1.43.2. MYSTIC
1.43.3. RAM-A,IX,T,M
1.43.4. DGO
1.44. Reporting tools
1.44.1. CPE
1.44.2. Voice master
1.44.3. Center mass
1.44.4. Gist Queue
1.44.5. Taperlay
2. NSA Acquisitions and Procurement Directorate
2.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG
2.1.1. VOXGLO -- major cyber and enterprising computing project
2.2. Advanced Analytical Laboratory
2.3. Corporate Assessments Offices
2.4. Rebuilding Analysis Program Office
2.5. Knowledge System Prototype Program Office
2.6. Maryland Procurement Office
2.6.1. Acquisitions Program Manager for Signals Intelligence
2.6.2. Acquisitions Program Manager for Research
2.7. Acquisition Logistics Integrated Product Team
3. T: Technical Directorate
3.1. TE: Enterprise Systems Engineering and Architecture
3.2. TS: Information Systems and Security
3.2.1. Public Key Infrastructure (PKI) Program Management Office (PMO)
3.3. TT: Independent Test and Evaluation
3.4. T1: Mission Capabilities
3.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested
3.4.2. Strategic SATCOM Security Engineering Office
3.5. T2: Business Capabilities
3.6. T3: Enterprise IT Services
3.6.1. T3221: Transport Field Services
3.6.2. T334: National Signals Processing Center
3.6.3. T335: Deployable Communications Operations
3.7. T5: CARILLION — High performance computing center
3.8. T6: Technical SIGINT and Ground Capabilities
3.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems
4. M: Human Resources — Q: Security and Counterintelligence
4.1. Q2: Office of Military Personnel
4.2. Q3: Office of Civilian Personnel
4.3. QJ1: HR operations/global personnel SA
4.4. Q43: Information Policy Division
4.5. Q5: Office of Security
4.6. Q509: Security Policy Staff
4.7. Q51: Physical Security Division
4.8. Q52: Field Security Division
4.9. Q55: NSA CCAO
4.10. Q56: Security Awareness
4.11. Q57: Polygraph
4.12. Q7: Counterintelligence
5. Cross-functional units // co-located with SID S2 Production Lines
5.1. National Security Operations Center — Main NSA intelligence watch facility
5.1.1. DECKPIN — NSA crisis cell activated during emergencies
5.1.2. CMM — Cryptologic Management Mission program office
5.2. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers
5.3. DEFSMAC: Defense Special Missile and Aerospace Center
5.4. NSA/CSS Commercial Solutions Center
5.5. NSA/CSS Threat Operations Center — Main cyber watch center
5.5.1. Office of Analysis
5.6. Unified Cryptologic Architecture Office
5.6.1. Integration
5.6.2. Systems Engineering/Architecture Analyses and Issues
5.6.3. Architecture
5.6.4. Process
5.6.5. Planning and Financial Management
5.7. Plans and Exercise Office
5.7.1. NSA Continuity Programs Office
5.7.2. Military Exercise Office
5.7.3. Continuity Engineering Office
5.8. J2 Cryptologic Intelligence Unit (collects intelligence on worldwide cryptologic efforts).
6. F6: Special Collection Service HQ (Beltsville, MD) — Joint CIA/NSA field collection agency operating from embassies and other denied locations. Director reports to DIRNSA
7. SCI COMPARTMENTS
7.1. SI or COMINT -- denotes sensitive SiGINT, DNI and cyber sources and methods
7.2. ECI -- protects NSA relationships with other government agencies and private companies.
7.2.1. ECI-FGT --> SCS Product
7.2.2. ECI-AMB Ambulate
7.2.3. ECI-PIQ Picaresque
7.2.4. ECI compartments include PIEDMONT, PENDLETON, PITCHFORK, PAWLEYS, AUNTIE, PAINTEDEAGLE
7.3. VRK -- exceptionally sensitive sources of national and strategic importance
7.4. RAGTIME -- protects "product " gathered from FISA intercepts
8. Large domestic operating field sites
8.1. Columbia, MD
8.2. Friendship Annex, Linthicum, MD
8.3. Finksberg, MD
8.4. Bowie, MD
8.5. College Park, MD
8.6. Ft. Belvoir, VA
8.7. Fairfax, VA
8.8. Washington, DC
8.9. Ft. Detrick (Site R)
8.10. Camp Williams, UT
8.11. NSA Georgia (Ft. Gordon)
8.12. NSA Texas (Lackland AFB, San Antonio)
8.13. Greenville, TX
8.14. NSA Hawaii (Kunia)
8.15. NSA Denver (Aurora), co-located with CIA's National Resources Division
8.16. NSA Oak Ridge (Tennessee)
8.17. Yakima, WA JACKNIFE
8.18. Winter Harbor, ME
8.19. Formerly: Sugar Grove, WV, Rosman, NC TIMBERLINE
8.20. NSA Continuity of Government site
8.21. NSA CMOC -- Cheyenne Mounfain
9. NSA Field Stations — Remote collection and analytical facilities
9.1. F7: Meade Operations Center — 24/7 SIGINT support to deployed military units
9.2. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program
10. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges
10.1. Office of Export Control Policy
11. Information Assurance Directorate
11.1. IC: Cyber Integration Division
11.2. IE: Engagement Division
11.2.1. Client Engagement and Community Outreach Group
11.2.2. Interagency Operations Security Support Staff (OPSEC)
11.3. I2: Trusted Engineering Solutions
11.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons
11.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment
11.4. I3: Information Operations
11.4.1. Mission Integration Office
11.4.2. Technical Security Evaluations
11.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks
11.4.4. Blue Cell — Conducts audits of U.S. government networks
11.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations
11.4.6. Joint Communications Security Monitoring Agency
11.5. I4: Fusion, Analysis, Mitigation
12. Research Directorate
12.1. R1: Math
12.2. R2: Trusted Systems
12.3. R3: LPS — Physical science lab
12.4. R4: LTS — Telecom science lab ( high-speed networks, wireless communications, and quantum key distribution)
12.5. R05: Center for the Advanced Study of Language
12.6. R6: Computer and Information Science
12.7. RX: Special Access Programs/Compartmented Research
13. Signals Intelligence Directorate
13.1. S1: Customer Relations
13.1.1. A&R Watch (K Watch Ops) 199
13.1.2. S11: Customer Gateway
13.1.3. S12: Information Sharing and Services Branch
13.1.4. S124: Staff Services Division
13.2. S2: Analysis and Production
13.2.1. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing
13.2.2. NSA Product Lines
13.2.2.1. S2A: South Asia
13.2.2.1.1. S25A51 -- South Asian Language Analysis Branch
13.2.2.1.2. S25A52 -- South Asian Reporting Branch
13.2.2.2. S2B: China and Korea
13.2.2.3. S2C: International Security
13.2.2.3.1. S2C42 -- Western Europe and Strategic Partnership Division
13.2.2.3.2. S2C41 Mexico Team
13.2.2.4. S2D: Counter-foreign intelligence
13.2.2.5. S2E: Middle East/Asian
13.2.2.6. S2F: International Crime
13.2.2.7. S2G: Counterproliferation
13.2.2.8. S2H: Russia
13.2.2.9. S2I: Counterterrorism
13.2.2.9.1. S2IX: Special Counterterrorism Operations
13.2.2.9.2. S2I42 -- Hezbollah Team
13.2.2.9.3. S2I43 -- NOM Team
13.2.2.9.4. S2I5 -- AAP (PSP analytical unit)
13.2.2.10. S2J: Weapons and Space
13.2.2.11. S2T: Current Threats
13.2.2.12. S2T3: NSA/CSS Threat Operations Center
13.2.2.13. S2X: ??
13.2.2.14. Each production line has a language analysis branch, a reporting branch, a compliance branch, a technical branch, and a customer services branch
13.3. S3: Data Acquisition
13.3.1. S31: Cryptologic Exploitation Services
13.3.1.1. Signals and Surveys Analysis Division
13.3.1.1.1. Technical Exploitation Center
13.3.1.1.2. Project BULLRUN
13.3.1.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases
13.3.1.3. Target Office of Primary Interest
13.3.1.4. S31174 Office of Target Pursuit
13.3.2. S32: Tailored Access Operations
13.3.2.1. Network Warfare Team — Liaison with military
13.3.2.2. S321: Remote Operations Center
13.3.2.2.1. Network Ops Center
13.3.2.2.2. Operational Readiness
13.3.2.2.3. Interactive Operations Division
13.3.2.2.4. Production Operations Division
13.3.2.2.5. Access Operations Division — Works with CIA's Technology Management Office to break into hard-to-reach networks
13.3.2.3. S323: Data Network Technologies (researches how to penetrate secure networks)
13.3.2.4. FG3223: Media Exploitation and Analysis
13.3.2.5. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks
13.3.2.6. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping
13.3.2.7. S327: Targeting and Requirements
13.3.2.8. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO
13.3.2.9. S32P. TAO Program Planning Integration
13.3.3. S33: Link Access // Global Access Operations
13.3.3.1. S332: Terrestrial SIGINT
13.3.3.2. S333: Overhead SIGINT
13.3.3.2.1. Overhead Collection Management Center
13.3.3.2.2. SSPO
13.3.3.3. S33P ISR Portfolio Management Office
13.3.3.3.1. S33P2 Technology Integration Division
13.3.3.3.2. S33P3 Tactical SIGINT Technology Office
13.3.3.3.3. AIRSTEED Program Office — Cell phone tracking
13.3.3.4. Community ELINT Management Office
13.3.3.5. OCEANSURF Program Office — $450m systems engineering hub
13.3.4. S34: Collection Strategies and Requirements Center
13.3.4.1. S342: Collection Coordination and Strategies
13.3.4.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements
13.3.4.3. S344: Partnership and Enterprise Management
13.3.5. S35 Special Source Operations
13.3.5.1. Program Offices
13.3.5.1.1. 35333: PRISM Program Office
13.3.5.1.2. CHASEFALCON — Unknown major program office
13.3.5.1.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool
13.3.5.1.4. OCELOT (FORNSAT)
13.3.5.1.5. Crosshair Net Management Center/Crosshair Support Center — Directing finding
13.3.5.1.6. Radio Frequency Targeted Operations Office
13.3.5.1.7. VOXGLO — Unknown major program office
13.3.5.1.8. V34 -- Next Generation Wireless (NGW) exploitation program
13.3.5.1.9. Corporate Partner Access PMO
13.4. SV -- Signals Intelligence Directorate Oversight and Compliance
13.4.1. SV4 FISA Compliance and Processing