1. COLLECTION MECHANISMS
1.1. Open Source
1.2. SIGINT satellites (NEMESIS, INTRUDER, RAVEN, QUASAR, ORION)
1.3. Mobile collection platforms (EP-3s, U-2s, etc
1.4. F6/Special Collection Service emplaced sensors, CANEX
1.5. F6/Special Collection Service embassy-based listening posts // BIRDCATCHER /EINSTEIN /CASTANET
1.6. RF Collection Sites
1.7. Collection relay mechanisms
1.7.1. SIGINT satellites and relays
1.7.2. SCS base stations
1.7.3. Encrypted packets on the regular internet
1.7.4. Hard cables / fiber optics
1.7.5. DTS covert
1.7.6. SRP platforms
1.7.7. Cables provided by ISPs
1.8. FISA (PRISM, FAA 702) BR FISA PR/TT FISA, FISA ESTABLISHMENT, FAA 704, 705(b)
1.9. ,
1.10. Upstream collection (ingests at fiber hubs -- FAIRVIEW, etc)
1.11. Undersea cable taps (20 worldwide)
1.12. Cable hub splitters
1.13. Direct corporate partner network access points
1.14. Foreign country partner interfaces (FIVE EYES, etc)
1.15. Clandestine foreign telecom hub collection
1.16. FORNSAT intercepts (Stellar, Sounder, Snick, Moonpeny, Carboy, Timberline, Indira, Jacknife, Ironsand, Ladylove) See: http://electrospaces.blogspot.com/2013/12/nsas-global-interception-network.html for details
1.17. Ground SIGINT/FISINT collection sites
1.18. NSA, CIA and FBI implants
1.18.1. New info
1.19. LOPERS -- Public Branch Telephone System collection
1.20. Navy Underwater Reconnaissance Office
1.21. Midpoint collection -- surreptitious collection from nodes place in the middle of data links
2. T: Technical Directorate
2.1. TE: Enterprise Systems Engineering and Architecture
2.2. TS: Information Systems and Security
2.2.1. Public Key Infrastructure (PKI) Program Management Office (PMO)
2.3. TT: Independent Test and Evaluation
2.4. T1: Mission Capabilities
2.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested
2.4.2. Strategic SATCOM Security Engineering Office
2.4.3. T1221
2.5. T2: Business Capabilities
2.6. T3: Enterprise IT Services
2.6.1. T3221: Transport Field Services
2.6.2. T334: National Signals Processing Center
2.6.3. T335: Deployable Communications Operations
2.6.4. T332 Global Enterprise Command Center
2.7. T5: CARILLION — High performance computing center
2.8. T6: Technical SIGINT and Ground Capabilities
2.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems
3. NSA Nitty Gritty -- databases, tasking systems and analytical interfaces
3.1. SIGINT ANALYTICAL and PROCESSING TOOLS
3.1.1. AQUADOR — Merchant ship tracking tool
3.1.2. ASSOCIATION Selector correlation and analysis tool
3.1.3. BANYAN — NSA tactical geospatial correlation database
3.1.4. WealthyCluster -- data mining tool for CT
3.1.5. TUSKATTIRE - data processing system
3.1.6. ShellTrumpet -- metadata processing
3.1.7. MESSIAH/WHAMI — ELINT processing and analytical database
3.1.8. TAPERLAY -- Global database of telephone numbers/selectors by type (GSM,etc)
3.1.9. OCTSKYWARD - GSM tool
3.1.10. TWINSERPENT -- phone book tool
3.1.11. WRTBOX -- collection from PSTN overseas
3.1.12. Tools
3.1.12.1. Unified Targeting Tool
3.1.12.2. CHALKFUN -- metadata location record database
3.1.12.3. SPYDER -- SMS/metadata query tool
3.1.12.4. XKEYSCORE global SIGINT analysis system
3.1.12.5. AIRGAP — Priority missions tool used to determine SIGINT gaps
3.1.12.6. TRAFFICTHIEF — Raw SIGINT viewer and sorter for data analysis
3.1.12.7. TRANSx
3.1.12.8. Bpundless Informant
3.1.13. DISHFIRE -- SMS collection and analysis from digital network information and records ingested by the MUL:KBONE database
3.2. COLLECTION REQUIREMENTS AND TASKING
3.2.1. CASPORT -- main NSA corporate / access identification tool used to control product dissemination
3.2.2. OCTAVE/CONTRAOCTIVE — Collection mission tasking tool -- where "selectors" live
3.2.2.1. PEPPERBOX -- database of targeting requests
3.2.3. HOMEBASE — A tactical tasking tool for digital network identification
3.2.4. SURREY DNI / SIGINT tasking database
3.2.5. DISHFIRE -- Associational and relational database for political and strategic intelligence by key selectors
3.2.6. AGILITY -- database of foreign intelligence selectors (non CT)
3.2.7. CHIPPEWA -- system to exchange SIGINT tasking / data with allies
3.3. DNI/DNR and network penetration tools and system
3.3.1. CNO TOOLS
3.3.1.1. SHARKFINN
3.3.1.2. BROKENTIGO
3.3.1.3. EMBRACEFLINT
3.3.1.4. LONGHAUL
3.3.1.5. EGOTISTICAL GOAT / EGOTISTICAL GIRAFFE
3.3.1.6. ATLAS -- DNI geolocation and network information tool
3.3.1.7. DANAUS -- DNS discovery tool / reverse DNS
3.3.1.8. BLACKPEARL -- survey information tool
3.3.1.9. ERRONEOUS INGENUITY
3.3.1.10. TIDALSURGE -- DNI router configuration discovery
3.3.1.11. ATHENA -- port discovery probe tool
3.3.1.12. SNORT — Repository of computer network attack techniques/coding
3.3.1.13. TREASUREMAP -- Global Internet Mapping/Analysis tool
3.3.1.13.1. PACKAGED GOODS -- global internet exploitation tool / traces routes of information
3.3.1.14. EVILOLIVE -- IP Geolocation
3.3.1.15. HYPERION -- IP to IP communication survey tool
3.3.1.16. WIRESHARK — Repository of malicious network signatures
3.3.1.17. TRITON -- TOR node search tool
3.3.1.18. ISLANDTRANSPORT -- Enterprise Message Service processor
3.3.2. FOXACID
3.3.3. TOYGRIPPE -- VPN collection
3.3.3.1. FRIARTUCK
3.3.3.2. MASTERSHAKE -- VSAT Terminal emulator
3.3.4. TURBULENCE -- global "advanced forward defense" internet architecture built for NSA; employs the QUANTUM THEORY system, global distributed passive sensors to detect target traffic and tip a centralized command/control node (QFIRE).
3.3.4.1. TURMOIL --High-speed passive collection systems intercept foreign target satellite, microwave, and cable communications as thev transit the globe
3.3.4.1.1. TURBINE -- active SIGINT collection off of TURBULENCE architecture
3.3.4.2. TUELAGE -- active CND off the TURBULENCE architecture
3.3.4.3. TUMULT -- Stage 0 server for TURBULENCE architecture
4. SURPUUSHANGAR -- covert mechanism to ingest unclassified traffic into high side servers
5. Cross-functional units // co-located with SID S2 Production Lines
5.1. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers
5.2. DEFSMAC: Defense Special Missile and Aerospace Center
5.3. Unified Cryptologic Architecture Office
5.3.1. Integration
5.3.2. Systems Engineering/Architecture Analyses and Issues
5.3.3. Architecture
5.3.4. Process
5.3.5. Planning and Financial Management
5.4. Plans and Exercise Office
5.4.1. NSA Continuity Programs Office
5.4.2. Military Exercise Office
5.4.3. Continuity Engineering Office
5.5. J2 Cryptologic Intelligence Unit (collects intelligence on worldwide cryptologic efforts).
6. NSA Acquisitions and Procurement Directorate
6.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG
6.2. Advanced Analytical Laboratory
6.3. Corporate Assessments Offices
6.4. Rebuilding Analysis Program Office
6.5. Knowledge System Prototype Program Office
6.6. Maryland Procurement Office
6.6.1. Acquisitions Program Manager for Signals Intelligence
6.6.2. Acquisitions Program Manager for Research
6.7. Acquisition Logistics Integrated Product Team
7. Requirements and Tasking
7.1. NIPF
7.2. IIR
7.3. Colesium
7.4. Validation
7.4.1. DNI Mission Managers
7.4.2. SOO / SigDev
7.4.3. NSRTasking
7.4.4. Deconfliction
7.4.5. Successor to Echelon
7.4.6. S34
8. Special FISA adjudication
9. FROM THERE to Ft. Meade -- How data moves at NSA
9.1. NUCLEON — Global content database
9.1.1. CONVEYENCE DNI content database
9.2. WRANGLER — Electronic Intelligence intercept raw database
9.3. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool
9.4. PROTON — Large SIGINT database for time-sensitive targets/counterintelligence. Associated with Criss-Cross tool.
9.5. MARINA / MAINWAY Internet metadata collection database / SIGINT metadata collection database
9.5.1. PINWALE — SIGINT content database
9.6. CULTWEAVE
9.7. FASCIA -- major metadata ingest processor that sends to Ft. Meade stuff that NSA collects out there
9.8. FASTBALL -- automated DNI analytical processing system
9.9. FALLOUT -- major content ingest processor that sends to Ft. Meade in raw, unstructured form for later processing. Generally for unstructured data.
9.10. TUNINGFORK
9.11. Reporting tools
9.11.1. CPE
9.11.2. Voice master
9.11.3. Center mass
9.11.4. Gist Queue
9.11.5. YELLOWSTONE -- assigns metrics for allocation and distributing ingested SIGINT product.
9.11.6. TAC
9.11.7. AHMS
9.11.8. SKYWRITER
9.12. PRESSUREWAVE
9.13. FASTSCOPE
10. Top Priority SIGINT Missions
10.1. Support to USSS / presidential protection and national programs, including, under special authorities, NSSEs
10.2. Warning / imminent military and strategic threats from China, Russia,
10.3. Counter-foreign intelligence and counter-intelligence
10.4. CT/CN/CP/CE
10.5. Collection on military plans and strategies of China, Russia, Iran, North Korea, Israel
10.6. Ballistic missile defense
10.7. Domestic electronic CT wall
10.8. Political intelligence
10.9. Iranian, North Korean, Israeli, Pakistani proliferation and defensive CI activities
11. M: Human Resources — Q: Security and Counterintelligence
11.1. Q2: Office of Military Personnel
11.2. Q3: Office of Civilian Personnel
11.3. QJ1: HR operations/global personnel SA
11.4. Q43: Information Policy Division
11.5. Q5: Office of Security
11.6. Q509: Security Policy Staff
11.7. Q51: Physical Security Division
11.8. Q52: Field Security Division
11.9. Q55: NSA CCAO
11.10. Q56: Security Awareness
11.11. Q57: Polygraph
11.12. Q7: Counterintelligence
11.13. Q123
12. Other major NSA tools and databases
12.1. TWISTEDPATH
12.2. CREEK
12.3. SPITGLASS
12.4. JOLLYROGER
12.5. CADENCE
12.6. GLOBALREACH
12.7. Broom Stick
12.8. JUGGERNAUT -- mobile/data communications collection
12.9. DRTBOX -- possible system for obtaining information from cell phones
12.10. Boundless Informant -- collection volume, type, location and platform visualization too
12.11. MUTANT BROTH
12.12. TRACfin -- financial information database
13. Information Assurance Directorate
13.1. IC: Cyber Integration Division
13.2. IE: Engagement Division
13.2.1. Client Engagement and Community Outreach Group
13.2.2. Interagency Operations Security Support Staff (OPSEC)
13.3. I2: Trusted Engineering Solutions
13.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons
13.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment
13.3.2. Information Technology Infrastructure Services (ITIS) System Office
13.4. I3: Information Operations
13.4.1. Mission Integration Office
13.4.2. Technical Security Evaluations
13.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks
13.4.4. Blue Cell — Conducts audits of U.S. government networks
13.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations
13.4.6. Joint Communications Security Monitoring Agency
13.5. I4: Fusion, Analysis, Mitigation
14. Research Directorate
14.1. R1: Math
14.2. R2: Trusted Systems
14.3. R3: LPS — Physical science lab
14.4. R4: LTS — Telecom science lab ( high-speed networks, wireless communications, and quantum key distribution)
14.5. R05: Center for the Advanced Study of Language
14.6. R6: Computer and Information Science
14.7. RX: Special Access Programs/Compartmented Research
15. Directorate for Corporate Leadership
16. Directorate for Education and Training
17. F6: Special Collection Service HQ (Beltsville, MD) —STATEROOM-- Joint CIA/NSA field collection agency operating from embassies and other denied locations. Director reports to DIRNSA
18. Collection types
18.1. Midpoint collection
18.2. CNE enabled implants
18.3. Endpoint collection
18.4. Corporate access point collection
18.5. Overhead collection
18.6. foreign satellite collection
18.7. Clandestine signal collection
18.8. Undersea collection
18.9. Airborne collection
18.10. Close access point collection
19. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges
19.1. Office of Export Control Policy
19.2. SUSLOs
19.3. UKUSA governing council
20. Signals Intelligence Directorate
20.1. S1: Enterprise Engagement and Mission Management
20.1.1. A&R Watch (K Watch Ops) 199
20.1.2. S11: Customer Gateway
20.1.3. S12: Information Sharing and Services Branch
20.1.3.1. Partnership Dissemination Cell
20.1.4. S124: Staff Services Division
20.1.5. NSA Commercial Solutions Center
20.1.6. S17 Strategic Intelligence Issues
20.1.7. S1E -- Electromagnetic Space Program Office
20.1.8. S1P Plans and Exercise Division
20.1.8.1. S1P1 -- SOCOM/NORTHCOM SIGINT planning
20.1.8.2. S1P2 - Combatant Commands SIGINT planning
20.2. S2: Analysis and Production Centers
20.2.1. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing
20.2.2. NSA Product Lines
20.2.2.1. S2A: South Asia
20.2.2.1.1. S25A51 -- South Asian Language Analysis Branch
20.2.2.1.2. S25A52 -- South Asian Reporting Branch
20.2.2.1.3. S25A4 -- Pakistan
20.2.2.2. S2B: China and Korea
20.2.2.3. S2I: Counterterrorism Production Center
20.2.2.3.1. S2IX: Special Counterterrorism Operations // CT Special Projects
20.2.2.3.2. S2I42 -- Hezbollah Team
20.2.2.3.3. S2I5 Advanced Analysis Division (FISA analysis) program manager, deputy program manager, 5 shift supervisors, 125 analysts
20.2.2.3.4. S2I43 -- NOM Team
20.2.2.3.5. Counterterrorism Mission Aligned Cell (CT-MAC) -- sensitive counter-terrorism support to CIA
20.2.2.3.6. S2I4 Homeland Mission Center
20.2.2.3.7. Metadata Analysis Center
20.2.2.4. S2C: International Security
20.2.2.4.1. S2C42 -- Western Europe and Strategic Partnership Division
20.2.2.4.2. S2C41 Mexico Team
20.2.2.4.3. S2C32 European States Branch
20.2.2.5. S2D: Counter-foreign intelligence
20.2.2.6. S2E: Middle East/Asia
20.2.2.7. S2F: International Crime
20.2.2.8. S2G: Counterproliferation
20.2.2.9. S2H: Russia
20.2.2.10. S2T: Current Threats
20.2.2.10.1. S2T3: NSA/CSS Threat Operations Center
20.2.2.11. S2J: Weapons and Space
20.2.2.12. S203: Access Team for Operations Staff
20.2.3. K -- National Security Operations Center
20.2.3.1. National Security Operations Center — Main NSA intelligence watch facility
20.2.3.1.1. DECKPIN — NSA crisis cell activated during emergencies
20.2.3.1.2. Homeland Security Analysis Center
20.2.3.1.3. CMM — Cryptologic Management Mission program office
20.3. S3: Data Acquisition
20.3.1. S31: Cryptologic Exploitation Services
20.3.1.1. Signals and Surveys Analysis Division
20.3.1.1.1. Technical Exploitation Center
20.3.1.1.2. Project BULLRUN
20.3.1.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases
20.3.1.3. S31174 Office of Target Pursuit
20.3.2. S32: Tailored Access Operations
20.3.2.1. Network Warfare Team — Liaison with military
20.3.2.2. S321: Remote Operations Center
20.3.2.2.1. Network Ops Center
20.3.2.2.2. Operational Readiness
20.3.2.2.3. Interactive Operations Division
20.3.2.2.4. POLARBREEZE
20.3.2.3. S322 Advanced Network Technologies
20.3.2.3.1. S3222: (software implants)
20.3.2.3.2. S32221: ?
20.3.2.3.3. S32222: (routers, servers, etc.)
20.3.2.3.4. S3223: (hardware implants)
20.3.2.3.5. S3224: ?
20.3.2.3.6. S32241: ?
20.3.2.3.7. S32242: (GSM cell)
20.3.2.3.8. S32243: (radar retro-refl.)
20.3.2.4. S323: Data Network Technologies (researches how to penetrate secure networks)
20.3.2.4.1. Production Operations Division
20.3.2.5. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks
20.3.2.6. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping
20.3.2.6.1. Transaction Branch
20.3.2.7. S327: Targeting and Requirements
20.3.2.8. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO
20.3.2.9. S32P. TAO Program Planning Integration
20.3.2.10. Access Operations Division — Works with CIA's Technology Management Office / information Operations Division to break into foreign / CI networks
20.3.2.10.1. TURMOIL -- NSA cover term for installation/maintenance and operation of filters, servers and splitters on servers of corporate partners w/ their permission for SIGINT and CNE operations. Each diversion device is called a QUANTUM
20.3.2.10.2. GENIE SIGADs - 3136 (domestic) / 3137 (foreign)
20.3.2.10.3. SSO Close Access Domestic Collection Systems on foreign targets SIGAD US-3136
20.3.3. S33: Link Access // Global Access Operations
20.3.3.1. S332: Terrestrial SIGINT
20.3.3.1.1. OCELOT (FORNSAT)
20.3.3.2. S333: Overhead SIGINT
20.3.3.2.1. Overhead Collection Management Center
20.3.3.2.2. SSPO
20.3.3.3. S33P ISR Portfolio Management Office
20.3.3.3.1. S33P2 Technology Integration Division
20.3.3.3.2. S33P3 Tactical SIGINT Technology Office
20.3.3.4. Community ELINT Management Office
20.3.3.5. VOXGLO -- major cyber and enterprising computing project
20.3.3.6. OCEANSURF Program Office — $450m systems engineering hub
20.3.4. S35 Special Source Operations
20.3.4.1. Cable programs
20.3.4.1.1. LITHIUM
20.3.4.1.2. MADCAPOCELOT - STORMBREW collection program using SIGAD 3140
20.3.4.1.3. DARKTHUNDER
20.3.4.1.4. WINDSTOP
20.3.4.1.5. OAKSTAR -- filtered high-volume collection off international cable transit nodes and foreign access points under FAA/Transit authority and EO12333. Divided by SIGAD and production source.
20.3.4.1.6. SERENADE
20.3.4.1.7. INCENSOR
20.3.4.2. SIGAD US-990 -- Overseas transit switch collection of international communications from FAIRVIEW partner
20.3.4.2.1. US-984T FISA collection from FAIRVIEW corporate access point
20.3.4.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool
20.3.4.4. Mission Support Hub
20.3.4.5. Large Area Access Working Group
20.3.4.6. S353 -- SIGAD US-984 Collection Programs
20.3.4.6.1. SIGAD US-984 BLARNEY (digital network intelligence / dial number recognition collection from FISA court order approved targets, like spies, agents of foreign powers / traffickers using data flowing through US circuits and nodes. Producer digraph for BLARNEY is AX
20.3.4.6.2. SIGAD US-984X -- FISA Amendments Act collection w/ various programs (including PRISM) on CT, CI, CP and CE targets. Selector must be certified and foreign.
20.3.4.6.3. STORMBREW
20.3.4.7. S3520 -- Office of Target Reconnaissance and Survey
20.3.5. S353 -- Portfolio Management Office
20.3.5.1. AIRSTEED Program Office — Cell phone tracking
20.3.5.1.1. Tactical Platforms Division
20.3.5.2. Crosshair Net Management Center/Crosshair Support Center — Directing finding
20.3.5.3. Radio Frequency Targeted Operations Office
20.3.5.3.1. RFTO Special Projects Office
20.3.6. S34: Collection Strategies and Requirements Center
20.3.6.1. S342: Collection Coordination and Strategies -- resource allocation and metrics
20.3.6.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements
20.3.6.3. S344: Partnership and Enterprise Management
20.4. SV -- Signals Intelligence Directorate Oversight and Compliance
20.4.1. SV4 FISA Compliance and Processing
20.5. SSG -- SIGDEV Strategy and Governance
20.5.1. SSG 1
20.5.2. SSO Optimization staff
21. SATC
22. V -- NATIONAL THREAT OPERATIONS CENTER (CYBER)
22.1. V1 Staff Services
22.2. V2 Analysis
22.3. V3 Operations
22.3.1. V34 -- Next Generation Wireless (NGW)
23. S3221: (persistence software)
24. Office of the Director, NSA (DIRNSA)
24.1. D01: Director’s Operation Group (DOG)
24.2. D05: Director’s Secretariat
24.3. D07: Office of Protocol
24.4. D08: Homeland Security Support Office (HSSO)
24.5. D1: Office of the Inspector General (OIG)
24.6. D2: Office of the General Counsel (OGC)
24.7. D5: Corporate Assessments Office
24.8. D5T: Technology Test and Evaluation
24.9. D6: Office of Equal Employment Oppertunity
24.10. Logo of the Central Security Service (CSS)
24.11. D7: Central Security Service (CSS)
24.12. D709: CSS Staff and Resources
24.13. D7D: Cryptologic Doctrine Office
24.14. D7P: Office of Military Personnel
24.15. D7R: Director's Reserve Forces Advisor
24.16. DC: Director’s Chief of Staff
24.17. DC0: Support
24.18. DC3: Policy
24.19. DC31: Corporate Policy
24.20. DC32: Information Policy
24.21. DC321: Freedom of Information Act and Privacy Act (FOIA/PA)
24.22. DC322: Information Security and Records Management
24.23. DC3221: Information Security Policy
24.24. DC3223: Records Management Policy
24.25. DC323: Automated Declassification Services
24.26. DC33: Technology Security, Export, and Encryption Policy
24.27. DC4: Corporate Strategic Planning and Performance
24.28. DC6: External Relations & Communications
24.29. DC8: Corporate Management Services
24.30. Unified Cryptologic Architecture Office
25. SIGDEV/TARGET APPROVAL/COMPLIANCE
25.1. PRODUCT LINE TOPIC OFFICE OF PRIMARY INTEREST offices
25.2. FISA Special Adjudication Office
25.3. S2I5 Compliance Staff
25.4. S343 Prioritizing and Approval of Targets
25.5. SV SIGINT Governance and Compliance Division
25.6. FBI
25.7. OGC
26. Sources: author’s reporting and research; Cryptome.org; Matthew Aid, Edward Snowden documents; Top Level Telecommunications website; http://electrospaces.blogspot.com), reporting in the Guardian, New York Times, Washington Post
27. Large domestic operating field sites
27.1. Columbia, MD
27.2. Friendship Annex, Linthicum, MD
27.3. Finksberg, MD
27.4. Bowie, MD
27.5. College Park, MD
27.6. Ft. Belvoir, VA
27.7. Fairfax, VA
27.8. Washington, DC
27.9. Ft. Detrick (Site R)
27.10. Camp Williams, UT
27.11. NSA Georgia (Ft. Gordon)
27.12. NSA Texas (Lackland AFB, San Antonio)
27.13. Greenville, TX
27.14. NSA Denver (Aurora), co-located with CIA's National Resources Division
27.15. NSA Oak Ridge (Tennessee)
27.16. Yakima, WA JACKNIFE
27.17. Winter Harbor, ME
27.18. Formerly: Sugar Grove, WV, Rosman, NC TIMBERLINE
27.19. NSA Continuity of Government site
27.20. NSA CMOC -- Cheyenne Mounfain
27.21. NSA Field Stations — Remote collection and analytical facilities
27.21.1. F74: Meade Operations Center — 24/7 SIGINT support to deployed military units
27.21.2. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program
27.22. NSA Kunia
28. SCI COMPARTMENTS
28.1. SI or COMINT -- top-level SCI compartment; denotes sensitive SiGINT, DNI and cyber sources and methods
28.1.1. ECI -- COMINT subcompartment. with further subcompartments, which protect NSA relationships with other government agencies and private companies as well as specific sources, cryptalanaric breakthroughs and capabilities
28.1.1.1. ECI-FGT --> SCS Product
28.1.1.2. ECI-AMB Ambulate
28.1.1.3. ECI-PIQ Picaresque
28.1.1.4. ECI compartments include PIEDMONT, PENDLETON, PITCHFORK, PAWLEYS, AUNTIE, PAINTEDEAGLE