National Security Agency / The Unofficial Org Chart. (C) 2014 Marc Ambinder, Inc.

Get Started. It's Free
or sign up with your email address
Rocket clouds
National Security Agency / The Unofficial Org Chart. (C) 2014 Marc Ambinder, Inc. by Mind Map: National Security Agency / The Unofficial Org Chart. (C) 2014 Marc Ambinder, Inc.

1. Cross-functional units // co-located with SID S2 Production Lines

1.1. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers

1.2. DEFSMAC: Defense Special Missile and Aerospace Center

1.3. Unified Cryptologic Architecture Office

1.3.1. Integration

1.3.2. Systems Engineering/Architecture Analyses and Issues

1.3.3. Architecture

1.3.4. Process

1.3.5. Planning and Financial Management

1.4. Plans and Exercise Office

1.4.1. NSA Continuity Programs Office

1.4.2. Military Exercise Office

1.4.3. Continuity Engineering Office

1.5. J2 Cryptologic Intelligence Unit (collects intelligence on worldwide cryptologic efforts).

2. F6: Special Collection Service HQ (Beltsville, MD) —STATEROOM-- Joint CIA/NSA field collection agency operating from embassies and other denied locations. Director reports to DIRNSA

3. SCI COMPARTMENTS

3.1. SI or COMINT -- top-level SCI compartment; denotes sensitive SiGINT, DNI and cyber sources and methods

3.1.1. ECI -- COMINT subcompartment. with further subcompartments, which protect NSA relationships with other government agencies and private companies as well as specific sources, cryptalanaric breakthroughs and capabilities

3.1.1.1. ECI-FGT --> SCS Product

3.1.1.2. ECI-AMB Ambulate

3.1.1.3. ECI-PIQ Picaresque

3.1.1.4. ECI compartments include PIEDMONT, PENDLETON, PITCHFORK, PAWLEYS, AUNTIE, PAINTEDEAGLE

3.2. VRK -- exceptionally sensitive sources of national and strategic importance

3.3. RAGTIME -- protects "product " gathered from FISA intercepts

3.4. RAMPART --codeword for foreign leader SIGINT - RAM-A, RAM-X, RAM-T, RAM-M

3.5. PANGRAM

3.6. TSP -

4. Directorate for Education and Training

5. Directorate for Corporate Leadership

6. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges

6.1. Office of Export Control Policy

6.2. SUSLOs

6.3. UKUSA governing council

7. NSA Acquisitions and Procurement Directorate

7.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG

7.2. Advanced Analytical Laboratory

7.3. Corporate Assessments Offices

7.4. Rebuilding Analysis Program Office

7.5. Knowledge System Prototype Program Office

7.6. Maryland Procurement Office

7.6.1. Acquisitions Program Manager for Signals Intelligence

7.6.2. Acquisitions Program Manager for Research

7.7. Acquisition Logistics Integrated Product Team

8. Top Priority SIGINT Missions

8.1. Support to USSS / presidential protection and national programs, including, under special authorities, NSSEs

8.2. Warning / imminent military and strategic threats from China, Russia,

8.3. Counter-foreign intelligence and counter-intelligence

8.4. CT/CN/CP/CE

8.5. Collection on military plans and strategies of China, Russia, Iran, North Korea, Israel

8.6. Ballistic missile defense

8.7. Domestic electronic CT wall

8.8. Political intelligence

8.9. Iranian, North Korean, Israeli, Pakistani proliferation and defensive CI activities

9. T: Technical Directorate

9.1. TE: Enterprise Systems Engineering and Architecture

9.2. TS: Information Systems and Security

9.2.1. Public Key Infrastructure (PKI) Program Management Office (PMO)

9.3. TT: Independent Test and Evaluation

9.4. T1: Mission Capabilities

9.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested

9.4.2. Strategic SATCOM Security Engineering Office

9.4.3. T1221

9.5. T2: Business Capabilities

9.6. T3: Enterprise IT Services

9.6.1. T3221: Transport Field Services

9.6.2. T334: National Signals Processing Center

9.6.3. T335: Deployable Communications Operations

9.6.4. T332 Global Enterprise Command Center

9.7. T5: CARILLION — High performance computing center

9.8. T6: Technical SIGINT and Ground Capabilities

9.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems

10. Information Assurance Directorate

10.1. IC: Cyber Integration Division

10.2. IE: Engagement Division

10.2.1. Client Engagement and Community Outreach Group

10.2.2. Interagency Operations Security Support Staff (OPSEC)

10.3. I2: Trusted Engineering Solutions

10.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons

10.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment

10.3.2. Information Technology Infrastructure Services (ITIS) System Office

10.4. I3: Information Operations

10.4.1. Mission Integration Office

10.4.2. Technical Security Evaluations

10.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks

10.4.4. Blue Cell — Conducts audits of U.S. government networks

10.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations

10.4.6. Joint Communications Security Monitoring Agency

10.5. I4: Fusion, Analysis, Mitigation

11. Requirements and Tasking

11.1. NIPF

11.2. IIR

11.3. Colesium

11.4. Validation

11.4.1. DNI Mission Managers

11.4.2. SOO / SigDev

11.4.3. NSRTasking

11.4.4. Deconfliction

11.4.5. Successor to Echelon

11.4.6. S34

12. Research Directorate

12.1. R1: Math

12.2. R2: Trusted Systems

12.3. R3: LPS — Physical science lab

12.4. R4: LTS — Telecom science lab ( high-speed networks, wireless communications, and quantum key distribution)

12.5. R05: Center for the Advanced Study of Language

12.6. R6: Computer and Information Science

12.7. RX: Special Access Programs/Compartmented Research

13. Collection types

13.1. Midpoint collection

13.2. CNE enabled implants

13.3. Endpoint collection

13.4. Corporate access point collection

13.5. Overhead collection

13.6. foreign satellite collection

13.7. Clandestine signal collection

13.8. Undersea collection

13.9. Airborne collection

13.10. Close access point collection

14. Large domestic operating field sites

14.1. Columbia, MD

14.2. Friendship Annex, Linthicum, MD

14.3. Finksberg, MD

14.4. Bowie, MD

14.5. College Park, MD

14.6. Ft. Belvoir, VA

14.7. Fairfax, VA

14.8. Washington, DC

14.9. Ft. Detrick (Site R)

14.10. Camp Williams, UT

14.11. NSA Georgia (Ft. Gordon)

14.12. NSA Texas (Lackland AFB, San Antonio)

14.13. Greenville, TX

14.14. NSA Denver (Aurora), co-located with CIA's National Resources Division

14.15. NSA Oak Ridge (Tennessee)

14.16. Yakima, WA JACKNIFE

14.17. Winter Harbor, ME

14.18. Formerly: Sugar Grove, WV, Rosman, NC TIMBERLINE

14.19. NSA Continuity of Government site

14.20. NSA CMOC -- Cheyenne Mounfain

14.21. NSA Field Stations — Remote collection and analytical facilities

14.21.1. F74: Meade Operations Center — 24/7 SIGINT support to deployed military units

14.21.2. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program

14.22. NSA Kunia

15. Signals Intelligence Directorate

15.1. S1: Enterprise Engagement and Mission Management

15.1.1. A&R Watch (K Watch Ops) 199

15.1.2. S11: Customer Gateway

15.1.3. S12: Information Sharing and Services Branch

15.1.3.1. Partnership Dissemination Cell

15.1.4. S124: Staff Services Division

15.1.5. NSA Commercial Solutions Center

15.1.6. S17 Strategic Intelligence Issues

15.1.7. S1E -- Electromagnetic Space Program Office

15.1.8. S1P Plans and Exercise Division

15.1.8.1. S1P1 -- SOCOM/NORTHCOM SIGINT planning

15.1.8.2. S1P2 - Combatant Commands SIGINT planning

15.2. S2: Analysis and Production Centers

15.2.1. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing

15.2.2. NSA Product Lines

15.2.2.1. S2A: South Asia

15.2.2.1.1. S25A51 -- South Asian Language Analysis Branch

15.2.2.1.2. S25A52 -- South Asian Reporting Branch

15.2.2.1.3. S25A4 -- Pakistan

15.2.2.2. S2B: China and Korea

15.2.2.3. S2I: Counterterrorism Production Center

15.2.2.3.1. S2IX: Special Counterterrorism Operations // CT Special Projects

15.2.2.3.2. S2I42 -- Hezbollah Team

15.2.2.3.3. S2I5 Advanced Analysis Division (FISA analysis) program manager, deputy program manager, 5 shift supervisors, 125 analysts

15.2.2.3.4. S2I43 -- NOM Team

15.2.2.3.5. Counterterrorism Mission Aligned Cell (CT-MAC) -- sensitive counter-terrorism support to CIA

15.2.2.3.6. S2I4 Homeland Mission Center

15.2.2.3.7. Metadata Analysis Center

15.2.2.4. S2C: International Security

15.2.2.4.1. S2C42 -- Western Europe and Strategic Partnership Division

15.2.2.4.2. S2C41 Mexico Team

15.2.2.4.3. S2C32 European States Branch

15.2.2.5. S2D: Counter-foreign intelligence

15.2.2.6. S2E: Middle East/Asia

15.2.2.7. S2F: International Crime

15.2.2.8. S2G: Counterproliferation

15.2.2.9. S2H: Russia

15.2.2.10. S2T: Current Threats

15.2.2.10.1. S2T3: NSA/CSS Threat Operations Center

15.2.2.11. S2J: Weapons and Space

15.2.2.12. S203: Access Team for Operations Staff

15.2.3. K -- National Security Operations Center

15.2.3.1. National Security Operations Center — Main NSA intelligence watch facility

15.2.3.1.1. DECKPIN — NSA crisis cell activated during emergencies

15.2.3.1.2. Homeland Security Analysis Center

15.2.3.1.3. CMM — Cryptologic Management Mission program office

15.3. S3: Data Acquisition

15.3.1. S31: Cryptologic Exploitation Services

15.3.1.1. Signals and Surveys Analysis Division

15.3.1.1.1. Technical Exploitation Center

15.3.1.1.2. Project BULLRUN

15.3.1.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases

15.3.1.3. S31174 Office of Target Pursuit

15.3.2. S32: Tailored Access Operations

15.3.2.1. Network Warfare Team — Liaison with military

15.3.2.2. S321: Remote Operations Center

15.3.2.2.1. Network Ops Center

15.3.2.2.2. Operational Readiness

15.3.2.2.3. Interactive Operations Division

15.3.2.2.4. POLARBREEZE

15.3.2.3. S322 Advanced Network Technologies

15.3.2.3.1. S3222: (software implants)

15.3.2.3.2. S32221: ?

15.3.2.3.3. S32222: (routers, servers, etc.)

15.3.2.3.4. S3223: (hardware implants)

15.3.2.3.5. S3224: ?

15.3.2.3.6. S32241: ?

15.3.2.3.7. S32242: (GSM cell)

15.3.2.3.8. S32243: (radar retro-refl.)

15.3.2.4. S323: Data Network Technologies (researches how to penetrate secure networks)

15.3.2.4.1. Production Operations Division

15.3.2.5. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks

15.3.2.6. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping

15.3.2.6.1. Transaction Branch

15.3.2.7. S327: Targeting and Requirements

15.3.2.8. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO

15.3.2.9. S32P. TAO Program Planning Integration

15.3.2.10. Access Operations Division — Works with CIA's Technology Management Office / information Operations Division to break into foreign / CI networks

15.3.2.10.1. TURMOIL -- NSA cover term for installation/maintenance and operation of filters, servers and splitters on servers of corporate partners w/ their permission for SIGINT and CNE operations. Each diversion device is called a QUANTUM

15.3.2.10.2. GENIE SIGADs - 3136 (domestic) / 3137 (foreign)

15.3.2.10.3. SSO Close Access Domestic Collection Systems on foreign targets SIGAD US-3136

15.3.3. S33: Link Access // Global Access Operations

15.3.3.1. S332: Terrestrial SIGINT

15.3.3.1.1. OCELOT (FORNSAT)

15.3.3.2. S333: Overhead SIGINT

15.3.3.2.1. Overhead Collection Management Center

15.3.3.2.2. SSPO

15.3.3.3. S33P ISR Portfolio Management Office

15.3.3.3.1. S33P2 Technology Integration Division

15.3.3.3.2. S33P3 Tactical SIGINT Technology Office

15.3.3.4. Community ELINT Management Office

15.3.3.5. VOXGLO -- major cyber and enterprising computing project

15.3.3.6. OCEANSURF Program Office — $450m systems engineering hub

15.3.4. S35 Special Source Operations

15.3.4.1. Cable programs

15.3.4.1.1. LITHIUM

15.3.4.1.2. MADCAPOCELOT - STORMBREW collection program using SIGAD 3140

15.3.4.1.3. DARKTHUNDER

15.3.4.1.4. WINDSTOP

15.3.4.1.5. OAKSTAR -- filtered high-volume collection off international cable transit nodes and foreign access points under FAA/Transit authority and EO12333. Divided by SIGAD and production source.

15.3.4.1.6. SERENADE

15.3.4.1.7. INCENSOR

15.3.4.2. SIGAD US-990 -- Overseas transit switch collection of international communications from FAIRVIEW partner

15.3.4.2.1. US-984T FISA collection from FAIRVIEW corporate access point

15.3.4.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool

15.3.4.4. Mission Support Hub

15.3.4.5. Large Area Access Working Group

15.3.4.6. S353 -- SIGAD US-984 Collection Programs

15.3.4.6.1. SIGAD US-984 BLARNEY (digital network intelligence / dial number recognition collection from FISA court order approved targets, like spies, agents of foreign powers / traffickers using data flowing through US circuits and nodes. Producer digraph for BLARNEY is AX

15.3.4.6.2. SIGAD US-984X -- FISA Amendments Act collection w/ various programs (including PRISM) on CT, CI, CP and CE targets. Selector must be certified and foreign.

15.3.4.6.3. STORMBREW

15.3.4.7. S3520 -- Office of Target Reconnaissance and Survey

15.3.5. S353 -- Portfolio Management Office

15.3.5.1. AIRSTEED Program Office — Cell phone tracking

15.3.5.1.1. Tactical Platforms Division

15.3.5.2. Crosshair Net Management Center/Crosshair Support Center — Directing finding

15.3.5.3. Radio Frequency Targeted Operations Office

15.3.5.3.1. RFTO Special Projects Office

15.3.6. S34: Collection Strategies and Requirements Center

15.3.6.1. S342: Collection Coordination and Strategies -- resource allocation and metrics

15.3.6.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements

15.3.6.3. S344: Partnership and Enterprise Management

15.4. SV -- Signals Intelligence Directorate Oversight and Compliance

15.4.1. SV4 FISA Compliance and Processing

15.5. SSG -- SIGDEV Strategy and Governance

15.5.1. SSG 1

15.5.2. SSO Optimization staff

16. COLLECTION MECHANISMS

16.1. Open Source

16.2. SIGINT satellites (NEMESIS, INTRUDER, RAVEN, QUASAR, ORION)

16.3. Mobile collection platforms (EP-3s, U-2s, etc

16.4. F6/Special Collection Service emplaced sensors, CANEX

16.5. F6/Special Collection Service embassy-based listening posts // BIRDCATCHER /EINSTEIN /CASTANET

16.6. RF Collection Sites

16.7. Collection relay mechanisms

16.7.1. SIGINT satellites and relays

16.7.2. SCS base stations

16.7.3. Encrypted packets on the regular internet

16.7.4. Hard cables / fiber optics

16.7.5. DTS covert

16.7.6. SRP platforms

16.7.7. Cables provided by ISPs

16.8. FISA (PRISM, FAA 702) BR FISA PR/TT FISA, FISA ESTABLISHMENT, FAA 704, 705(b)

16.9. ,

16.10. Upstream collection (ingests at fiber hubs -- FAIRVIEW, etc)

16.11. Undersea cable taps (20 worldwide)

16.12. Cable hub splitters

16.13. Direct corporate partner network access points

16.14. Foreign country partner interfaces (FIVE EYES, etc)

16.15. Clandestine foreign telecom hub collection

16.16. FORNSAT intercepts (Stellar, Sounder, Snick, Moonpeny, Carboy, Timberline, Indira, Jacknife, Ironsand, Ladylove) See: http://electrospaces.blogspot.com/2013/12/nsas-global-interception-network.html for details

16.17. Ground SIGINT/FISINT collection sites

16.18. NSA, CIA and FBI implants

16.18.1. New info

16.19. LOPERS -- Public Branch Telephone System collection

16.20. Navy Underwater Reconnaissance Office

16.21. Midpoint collection -- surreptitious collection from nodes place in the middle of data links

17. Office of the Director, NSA (DIRNSA)

17.1. D01: Director’s Operation Group (DOG)

17.2. D05: Director’s Secretariat

17.3. D07: Office of Protocol

17.4. D08: Homeland Security Support Office (HSSO)

17.5. D1: Office of the Inspector General (OIG)

17.6. D2: Office of the General Counsel (OGC)

17.7. D5: Corporate Assessments Office

17.8. D5T: Technology Test and Evaluation

17.9. D6: Office of Equal Employment Oppertunity

17.10. Logo of the Central Security Service (CSS)

17.11. D7: Central Security Service (CSS)

17.12. D709: CSS Staff and Resources

17.13. D7D: Cryptologic Doctrine Office

17.14. D7P: Office of Military Personnel

17.15. D7R: Director's Reserve Forces Advisor

17.16. DC: Director’s Chief of Staff

17.17. DC0: Support

17.18. DC3: Policy

17.19. DC31: Corporate Policy

17.20. DC32: Information Policy

17.21. DC321: Freedom of Information Act and Privacy Act (FOIA/PA)

17.22. DC322: Information Security and Records Management

17.23. DC3221: Information Security Policy

17.24. DC3223: Records Management Policy

17.25. DC323: Automated Declassification Services

17.26. DC33: Technology Security, Export, and Encryption Policy

17.27. DC4: Corporate Strategic Planning and Performance

17.28. DC6: External Relations & Communications

17.29. DC8: Corporate Management Services

17.30. Unified Cryptologic Architecture Office

18. Other major NSA tools and databases

18.1. TWISTEDPATH

18.2. CREEK

18.3. SPITGLASS

18.4. JOLLYROGER

18.5. CADENCE

18.6. GLOBALREACH

18.7. Broom Stick

18.8. JUGGERNAUT -- mobile/data communications collection

18.9. DRTBOX -- possible system for obtaining information from cell phones

18.10. Boundless Informant -- collection volume, type, location and platform visualization too

18.11. MUTANT BROTH

18.12. TRACfin -- financial information database

19. NSA Nitty Gritty -- databases, tasking systems and analytical interfaces

19.1. SIGINT ANALYTICAL and PROCESSING TOOLS

19.1.1. AQUADOR — Merchant ship tracking tool

19.1.2. ASSOCIATION Selector correlation and analysis tool

19.1.3. BANYAN — NSA tactical geospatial correlation database

19.1.4. WealthyCluster -- data mining tool for CT

19.1.5. TUSKATTIRE - data processing system

19.1.6. ShellTrumpet -- metadata processing

19.1.7. MESSIAH/WHAMI — ELINT processing and analytical database

19.1.8. TAPERLAY -- Global database of telephone numbers/selectors by type (GSM,etc)

19.1.9. OCTSKYWARD - GSM tool

19.1.10. TWINSERPENT -- phone book tool

19.1.11. WRTBOX -- collection from PSTN overseas

19.1.12. Tools

19.1.12.1. Unified Targeting Tool

19.1.12.2. CHALKFUN -- metadata location record database

19.1.12.3. SPYDER -- SMS/metadata query tool

19.1.12.4. XKEYSCORE global SIGINT analysis system

19.1.12.5. AIRGAP — Priority missions tool used to determine SIGINT gaps

19.1.12.6. TRAFFICTHIEF — Raw SIGINT viewer and sorter for data analysis

19.1.12.7. TRANSx

19.1.12.8. Bpundless Informant

19.1.13. DISHFIRE -- SMS collection and analysis from digital network information and records ingested by the MUL:KBONE database

19.2. COLLECTION REQUIREMENTS AND TASKING

19.2.1. CASPORT -- main NSA corporate / access identification tool used to control product dissemination

19.2.2. OCTAVE/CONTRAOCTIVE — Collection mission tasking tool -- where "selectors" live

19.2.2.1. PEPPERBOX -- database of targeting requests

19.2.3. HOMEBASE — A tactical tasking tool for digital network identification

19.2.4. SURREY DNI / SIGINT tasking database

19.2.5. DISHFIRE -- Associational and relational database for political and strategic intelligence by key selectors

19.2.6. AGILITY -- database of foreign intelligence selectors (non CT)

19.2.7. CHIPPEWA -- system to exchange SIGINT tasking / data with allies

19.3. DNI/DNR and network penetration tools and system

19.3.1. CNO TOOLS

19.3.1.1. SHARKFINN

19.3.1.2. BROKENTIGO

19.3.1.3. EMBRACEFLINT

19.3.1.4. LONGHAUL

19.3.1.5. EGOTISTICAL GOAT / EGOTISTICAL GIRAFFE

19.3.1.6. ATLAS -- DNI geolocation and network information tool

19.3.1.7. DANAUS -- DNS discovery tool / reverse DNS

19.3.1.8. BLACKPEARL -- survey information tool

19.3.1.9. ERRONEOUS INGENUITY

19.3.1.10. TIDALSURGE -- DNI router configuration discovery

19.3.1.11. ATHENA -- port discovery probe tool

19.3.1.12. SNORT — Repository of computer network attack techniques/coding

19.3.1.13. TREASUREMAP -- Global Internet Mapping/Analysis tool

19.3.1.13.1. PACKAGED GOODS -- global internet exploitation tool / traces routes of information

19.3.1.14. EVILOLIVE -- IP Geolocation

19.3.1.15. HYPERION -- IP to IP communication survey tool

19.3.1.16. WIRESHARK — Repository of malicious network signatures

19.3.1.17. TRITON -- TOR node search tool

19.3.1.18. ISLANDTRANSPORT -- Enterprise Message Service processor

19.3.2. FOXACID

19.3.3. TOYGRIPPE -- VPN collection

19.3.3.1. FRIARTUCK

19.3.3.2. MASTERSHAKE -- VSAT Terminal emulator

19.3.4. TURBULENCE -- global "advanced forward defense" internet architecture built for NSA; employs the QUANTUM THEORY system, global distributed passive sensors to detect target traffic and tip a centralized command/control node (QFIRE).

19.3.4.1. TURMOIL --High-speed passive collection systems intercept foreign target satellite, microwave, and cable communications as thev transit the globe

19.3.4.1.1. TURBINE -- active SIGINT collection off of TURBULENCE architecture

19.3.4.2. TUELAGE -- active CND off the TURBULENCE architecture

19.3.4.3. TUMULT -- Stage 0 server for TURBULENCE architecture

20. SIGDEV/TARGET APPROVAL/COMPLIANCE

20.1. PRODUCT LINE TOPIC OFFICE OF PRIMARY INTEREST offices

20.2. FISA Special Adjudication Office

20.3. S2I5 Compliance Staff

20.4. S343 Prioritizing and Approval of Targets

20.5. SV SIGINT Governance and Compliance Division

20.6. FBI

20.7. OGC

21. Sources: author’s reporting and research; Cryptome.org; Matthew Aid, Edward Snowden documents; Top Level Telecommunications website; http://electrospaces.blogspot.com), reporting in the Guardian, New York Times, Washington Post

22. M: Human Resources — Q: Security and Counterintelligence

22.1. Q2: Office of Military Personnel

22.2. Q3: Office of Civilian Personnel

22.3. QJ1: HR operations/global personnel SA

22.4. Q43: Information Policy Division

22.5. Q5: Office of Security

22.6. Q509: Security Policy Staff

22.7. Q51: Physical Security Division

22.8. Q52: Field Security Division

22.9. Q55: NSA CCAO

22.10. Q56: Security Awareness

22.11. Q57: Polygraph

22.12. Q7: Counterintelligence

22.13. Q123

23. SURPUUSHANGAR -- covert mechanism to ingest unclassified traffic into high side servers

24. Special FISA adjudication

25. S3221: (persistence software)

26. SATC

27. V -- NATIONAL THREAT OPERATIONS CENTER (CYBER)

27.1. V1 Staff Services

27.2. V2 Analysis

27.3. V3 Operations

27.3.1. V34 -- Next Generation Wireless (NGW)

28. FROM THERE to Ft. Meade -- How data moves at NSA

28.1. NUCLEON — Global content database

28.1.1. CONVEYENCE DNI content database

28.2. WRANGLER — Electronic Intelligence intercept raw database

28.3. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool

28.4. PROTON — Large SIGINT database for time-sensitive targets/counterintelligence. Associated with Criss-Cross tool.

28.5. MARINA / MAINWAY Internet metadata collection database / SIGINT metadata collection database

28.5.1. PINWALE — SIGINT content database

28.6. CULTWEAVE

28.7. FASCIA -- major metadata ingest processor that sends to Ft. Meade stuff that NSA collects out there

28.8. FASTBALL -- automated DNI analytical processing system

28.9. FALLOUT -- major content ingest processor that sends to Ft. Meade in raw, unstructured form for later processing. Generally for unstructured data.

28.10. TUNINGFORK

28.11. Reporting tools

28.11.1. CPE

28.11.2. Voice master

28.11.3. Center mass

28.11.4. Gist Queue

28.11.5. YELLOWSTONE -- assigns metrics for allocation and distributing ingested SIGINT product.

28.11.6. TAC

28.11.7. AHMS

28.11.8. SKYWRITER

28.12. PRESSUREWAVE

28.13. FASTSCOPE