
1. Main Databases
1.1. Aquador — Merchant ship tracking tool
1.2. NUCLEON — Global telephone content database
1.3. AIRGAP — Priority missions tool used to determine SIGINT gaps
1.4. HOMEBASE — A tactical tasking tool for digital network identification
1.5. SNORT — Repository of computer network attack techniques/coding
1.6. WIRESHARK — Repository of malicious network signatures
1.7. TRAFFICTHIEF — Raw SIGINT viewer for data analysis
1.8. TWISTEDPATH
1.9. BANYAN — NSA tactical geospatial correlation database
1.10. MAINWAY — Telephony metadata collection database
1.11. AGILITY
1.12. ASSOCIATION — Tactical SIGINT social network database
1.13. CREEK
1.14. MESSIAH/WHAMI — ELINT processing and analytical database
1.15. MARINA — Internet metadata collection database
1.16. SPITGLASS
1.17. PINWALE — SIGINT content database
1.18. FASCIA YELLOWSTONE
1.19. JOLLYROGER
1.20. TOYGRIPPE
1.21. SURREY
1.22. CADENCE
1.23. PROTON — SIGINT database for database for time-sensitive targets/counterintelligence
1.24. OCTAVE/CONTRAOCTIVE — Collection mission tasking tool
1.25. WRANGLER — Electronic Intelligence intercept raw database
1.26. ANCHORY — Main repository of finished NSA SIGINT reports (associated with MAUI)
1.27. GLOBALREACH
1.28. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool
2. NSA Acquisitions and Procurement Directorate
2.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG
2.2. Advanced Analytical Laboratory
2.3. Corporate Assessments Offices
2.4. Rebuilding Analysis Program Office
2.5. Knowledge System Prototype Program Office
2.6. Maryland Procurement Office
2.6.1. Acquisitions Program Manager for Signals Intelligence
2.6.2. Acquisitions Program Manager for Research
2.7. Acquisition Logistics Integrated Product Team
3. T: Technical Directorate
3.1. TE: Enterprise Systems Engineering and Architecture
3.2. TS: Information Systems and Security
3.3. TT: Independent Test and Evaluation
3.4. T1: Mission Capabilities
3.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested
3.4.2. Strategic SATCOM Security Engineering Office
3.5. T2: Business Capabilities
3.6. T3: Enterprise IT Services
3.6.1. T3221: Transport Field Services
3.6.2. T334: National Signals Processing Center
3.6.3. T335: Deployable Communications Operations
3.7. T5: CARILLION — High performance computing center
3.8. T6: Technical SIGINT and Ground Capabilities
3.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems
4. M: Human Resources — Q: Security and Counterintelligence
4.1. Q2: Office of Military Personnel
4.2. Q3: Office of Civilian Personnel
4.3. QJ1: HR operations/global personnel SA
4.4. Q43: Information Policy Division
4.5. Q5: Office of Security
4.6. Q509: Security Policy Staff
4.7. Q51: Physical Security Division
4.8. Q52: Field Security Division
4.9. Q55: NSA CCAO
4.10. Q56: Security Awareness
4.11. Q57: Polygraph
4.12. Q7: Counterintelligence
5. Cross-functional units
5.1. National Security Operations Center — Main NSA intelligence watch facility
5.1.1. DECKPIN — NSA crisis cell activated during emergencies
5.1.2. CMM — Cryptologic Management Mission program office
5.2. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers
5.3. DEFSMAC: Defense Special Missile and Aerospace Center
5.4. NSA/CSS Commercial Solutions Center
5.5. NSA/CSS Threat Operations Center — Main cyber watch center
5.5.1. Office of Analysis
5.6. Unified Cryptologic Architecture Office
5.6.1. Integration
5.6.2. Systems Engineering/Architecture Analyses and Issues
5.6.3. Architecture
5.6.4. Process
5.6.5. Planning and Financial Management
5.7. Plans and Exercise Office
5.7.1. NSA Continuity Programs Office
5.7.2. Military Exercise Office
5.7.3. Continuity Engineering Office
5.8. J2 Cryptologic Intelligence Unit (collects intelligence on worldwide cryptologic efforts -- 650 people).
6. Large domestic operating field sites
6.1. Columbia, MD
6.2. Friendship Annex, Linthicum, MD
6.3. Finksberg, MD
6.4. Bowie, MD
6.5. College Park, MD
6.6. Ft. Belvoir, VA
6.7. Fairfax, VA
6.8. Washington, DC
6.9. Ft. Detrick (Site R)
6.10. Camp Williams, UT
6.11. NSA Georgia (Ft. Gordon)
6.12. NSA Texas (Lackland AFB, San Antonio)
6.13. Greenville, TX
6.14. NSA Hawaii (Kunia)
6.15. NSA Denver (Aurora), co-located with CIA's National Resources Division
6.16. NSA Oak Ridge (Tennessee)
6.17. Yakima, WA
6.18. Winter Harbor, ME
6.19. Formerly: Sugar Grove, WV, Rosman, NC
7. NSA Product Lines
7.1. S2A: South Asia
7.2. S2B: China and Korea
7.3. S2C: International Security
7.4. S2D: Counter-foreign intelligence
7.5. S2E: Middle East/Asian
7.6. S2F: International Crime
7.7. S2G: Counterproliferation
7.8. S2H: Russia
7.9. S2I: Counterterrorism
7.9.1. S2IX: Special Counterterrorism Operations
7.10. S2J: Weapons and Space
7.11. S2T: Gelolocation — ?? ?? STJ TEG SIG GEO S4S
7.12. S2T3: NSA/CSS Threat Operations Center
7.13. S2X: ??
8. NSA Field Stations — Remote collection and analytical facilities
8.1. F6: Special Collection Service HQ (Beltsville, MD) — Joint CIA/NSA field collection agency operating from embassies 600 employees
8.2. F7: Meade Operations Center — 24/7 SIGINT support to deployed military units
8.3. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program
9. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges
9.1. Office of Export Control Policy
10. Information Assurance Directorate
10.1. IC: Cyber Integration Division
10.2. IE: Engagement Division
10.2.1. Client Engagement and Community Outreach Group
10.2.2. Interagency Operations Security Support Staff (OPSEC)
10.3. I2: Trusted Engineering Solutions
10.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons
10.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment
10.4. I3: Information Operations
10.4.1. Mission Integration Office
10.4.2. Technical Security Evaluations
10.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks
10.4.4. Blue Cell — Conducts audits of U.S. government networks
10.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations
10.4.6. Joint Communications Security Monitoring Agency
10.5. I4: Fusion, Analysis, Mitigation
11. Research Directorate
11.1. R1: Math
11.2. R2: Trusted Systems
11.3. R3: LPS — Physical science lab
11.4. R4: LTS — Telecom science lab ( high-speed networks, wireless communications, and quantum key distribution)
11.5. R05: Center for the Advanced Study of Language
11.6. R6: Computer and Information Science
11.7. RX: Special Access Programs/Compartmented Research
12. Signals Intelligence Directorate
12.1. S1: Customer Relations
12.1.1. A&R Watch (K Watch Ops) 199
12.1.1.1. IBS
12.1.2. S11: Customer Gateway
12.1.3. S12: Information Sharing and Reporting Policy Services
12.1.4. S124: Staff Services Division
12.2. S2: Analysis and Production
12.2.1. Target Office of Primary Interest
12.2.2. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing
12.3. S3: Data Acquisition
12.4. S31: Cryptologic Exploitation Servies
12.4.1. Signals and Surveys Analysis Division
12.4.1.1. Technical Exploitation Center
12.4.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases
12.5. S32: Tailored Access Operations
12.5.1. Network Warfare Team — Liaison with military
12.5.2. Navy Remote Operations Center
12.5.3. S321: Remote Operations Center
12.5.3.1. Ft. Gordon Regional Operations Center
12.5.3.2. Network Ops Center
12.5.3.3. Operational Readiness
12.5.3.4. Interactive Operations Division
12.5.3.5. Production Operations Division
12.5.3.6. Access Operations Division — Works with CIA's Technology Management Office to break into hard-to-reach networks
12.5.4. FG322: NIE
12.5.5. S323: Data Network Technologies (researches how to penetrate secure networks)
12.5.6. FG3223: Media Exploitation and Analysis
12.5.7. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks
12.5.8. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping
12.5.9. S327: Targeting and Requirements
12.5.10. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO
12.6. S33: Link Access
12.6.1. S332: Terrestrial SIGINT
12.6.2. S333: Overhead SIGINT
12.6.3. S33P ISR Portfolio Management Office
12.6.3.1. S33P2 Technology Integration Division
12.6.3.2. S33P3 Tactical SIGINT Technology Office
12.7. S34: Collection Strategies and Requirements Center
12.7.1. S342: Collection Coordination and Strategies
12.7.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements
12.7.3. S344: Partnership and Enterprise Management
12.8. S35: Global Access Operations
12.8.1. Crosshair Net Management Center — Directing finding
12.8.2. Overhead Collection Management Center
12.8.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool
12.8.3.1. 35333: PRISM Program Office
12.8.3.2. S515: Morpheus Program Office — Unknown function
12.8.3.3. Community ELINT Management Office
12.8.3.4. OCEANSURF Program Office — $450m systems engineering hub
12.8.3.5. AIRSTEED Program Office — Cell phone tracking
12.8.3.5.1. Tactical Platforms Division
12.8.3.5.2. V34 -- Next Generation Wireless
12.8.3.6. VOXGLOW — Unknown major program office
12.8.3.7. CHASEFALCON — Unknown major program office