1. SURPLUSHANGAR -- covert mechanism to ingest unclassified traffic into high side servers
2. Special FISA adjudication
3. S3221: (persistence software)
4. SATC
5. V -- NATIONAL THREAT OPERATIONS CENTER (CYBER)
5.1. V1 Staff Services
5.2. V2 Analysis
5.3. V3 Operations
5.3.1. V34 -- Next Generation Wireless (NGW)
6. FROM THERE to Ft. Meade -- How data moves at NSA
6.1. NUCLEON — Global content database
6.1.1. CONVEYANCE DNI content database
6.2. WRANGLER — Electronic Intelligence intercept raw database
6.3. ONEROOF — Main tactical SIGINT database (Afghanistan), consisting of raw and unfiltered intercepts, associated with Coastline tool
6.4. PROTON — Large SIGINT database for time-sensitive targets/counterintelligence. Associated with Criss-Cross tool.
6.5. MARINA / MAINWAY Internet metadata collection database / SIGINT metadata collection database
6.5.1. PINWALE — SIGINT content database
6.6. CULTWEAVE
6.7. FASCIA -- major metadata ingest processor that sends to Ft. Meade stuff that NSA collects out there
6.8. FASTBALL -- automated DNI analytical processing system
6.9. FALLOUT -- major content ingest processor that sends to Ft. Meade in raw, unstructured form for later processing. Generally for unstructured data.
6.10. TUNINGFORK
6.11. Reporting tools
6.11.1. CPE
6.11.2. Voice master
6.11.3. Center mass
6.11.4. Gist Queue
6.11.5. YELLOWSTONE -- assigns metrics for allocation and distributing ingested SIGINT product.
6.11.6. TAC
6.11.7. AHMS
6.11.8. SKYWRITER
6.12. PRESSUREWAVE
6.13. FASTSCOPE
7. Top Priority SIGINT Missions
7.1. Support to USSS / presidential protection and national programs, including, under special authorities, NSSEs
7.2. Warning / imminent military and strategic threats from China, Russia,
7.3. Counter-foreign intelligence and counter-intelligence
7.4. CT/CN/CP/CE
7.5. Collection on military plans and strategies of China, Russia, Iran, North Korea, Israel
7.6. Ballistic missile defense
7.7. Domestic electronic CT wall
7.8. Political intelligence
7.9. Iranian, North Korean, Israeli, Pakistani proliferation and defensive CI activities
8. Requirements and Tasking
8.1. NIPF
8.2. IIR
8.3. Coliseum
8.4. Validation
8.4.1. DNI Mission Managers
8.4.2. SOO / SigDev
8.4.3. NSRTasking
8.4.4. Deconfliction
8.4.5. Successor to Echelon
8.4.6. S34
9. Collection types
9.1. Midpoint collection
9.2. CNE enabled implants
9.3. Endpoint collection
9.4. Corporate access point collection
9.5. Overhead collection
9.6. Foreign satellite collection
9.7. Clandestine signal collection
9.8. Undersea collection
9.9. Airborne collection
9.10. Close access point collection
10. COLLECTION MECHANISMS
10.1. Open Source
10.2. SIGINT satellites (NEMESIS, INTRUDER, RAVEN, QUASAR, ORION)
10.3. Mobile collection platforms (EP-3s, U-2s, etc.)
10.4. F6/Special Collection Service emplaced sensors, CANEX
10.5. F6/Special Collection Service embassy-based listening posts // BIRDCATCHER /EINSTEIN /CASTANET
10.6. RF Collection Sites
10.7. Collection relay mechanisms
10.7.1. SIGINT satellites and relays
10.7.2. SCS base stations
10.7.3. Encrypted packets on the regular internet
10.7.4. Hard cables / fiber optics
10.7.5. DTS covert
10.7.6. SRP platforms
10.7.7. Cables provided by ISPs
10.8. FISA (PRISM, FAA 702) BR FISA PR/TT FISA, FISA ESTABLISHMENT, FAA 704, 705(b)
10.10. Upstream collection (ingests at fiber hubs -- FAIRVIEW, etc)
10.11. Undersea cable taps (20 worldwide)
10.12. Cable hub splitters
10.13. Direct corporate partner network access points
10.14. Foreign country partner interfaces (FIVE EYES, etc)
10.15. Clandestine foreign telecom hub collection
10.16. FORNSAT intercepts (Stellar, Sounder, Snick, Moonpeny, Carboy, Timberline, Indira, Jacknife, Ironsand, Ladylove) See: http://electrospaces.blogspot.com/2013/12/nsas-global-interception-network.html for details
10.17. Ground SIGINT/FISINT collection sites
10.18. NSA, CIA and FBI implants
10.18.1. New info
10.19. LOPERS -- Public Branch Telephone System collection
10.20. Navy Underwater Reconnaissance Office
10.21. Midpoint collection -- surreptitious collection from nodes placed in the middle of data links
11. Other major NSA tools and databases
11.1. TWISTEDPATH
11.2. CREEK
11.3. SPITGLASS
11.4. JOLLYROGER
11.5. CADENCE
11.6. GLOBALREACH
11.7. Broom Stick
11.8. JUGGERNAUT -- mobile/data communications collection
11.9. DRTBOX -- possible system for obtaining information from cell phones
11.10. Boundless Informant -- collection volume, type, location and platform visualization tool
11.11. MUTANT BROTH
11.12. TRACfin -- financial information database
12. NSA Nitty Gritty -- databases, tasking systems and analytical interfaces
12.1. SIGINT ANALYTICAL and PROCESSING TOOLS
12.1.1. AQUADOR — Merchant ship tracking tool
12.1.2. ASSOCIATION Selector correlation and analysis tool
12.1.3. BANYAN — NSA tactical geospatial correlation database
12.1.4. WealthyCluster -- data mining tool for CT
12.1.5. TUSKATTIRE - data processing system
12.1.6. ShellTrumpet -- metadata processing
12.1.7. MESSIAH/WHAMI — ELINT processing and analytical database
12.1.8. TAPERLAY -- Global database of telephone numbers/selectors by type (GSM, etc.)
12.1.9. OCTSKYWARD - GSM tool
12.1.10. TWINSERPENT -- phone book tool
12.1.11. WRTBOX -- collection from PSTN overseas
12.1.12. Tools
12.1.12.1. Unified Targeting Tool
12.1.12.2. CHALKFUN -- metadata location record database
12.1.12.3. SPYDER -- SMS/metadata query tool
12.1.12.4. XKEYSCORE global SIGINT analysis system
12.1.12.5. AIRGAP — Priority missions tool used to determine SIGINT gaps
12.1.12.6. TRAFFICTHIEF — Raw SIGINT viewer and sorter for data analysis
12.1.12.7. TRANSx
12.1.12.8. Boundless Informant
12.1.13. DISHFIRE -- SMS collection and analysis from digital network information and records ingested by the MUL:KBONE database
12.2. COLLECTION REQUIREMENTS AND TASKING
12.2.1. CASPORT -- main NSA corporate / access identification tool used to control product dissemination
12.2.2. OCTAVE/CONTRAOCTAVE — Collection mission tasking tool -- where "selectors" live
12.2.2.1. PEPPERBOX -- database of targeting requests
12.2.3. HOMEBASE — A tactical tasking tool for digital network identification
12.2.4. SURREY DNI / SIGINT tasking database
12.2.5. DISHFIRE -- Associational and relational database for political and strategic intelligence by key selectors
12.2.6. AGILITY -- database of foreign intelligence selectors (non CT)
12.2.7. CHIPPEWA -- system to exchange SIGINT tasking / data with allies
12.3. DNI/DNR and network penetration tools and system
12.3.1. CNO TOOLS
12.3.1.1. SHARKFINN
12.3.1.2. BROKENTIGO
12.3.1.3. EMBRACEFLINT
12.3.1.4. LONGHAUL
12.3.1.5. EGOTISTICAL GOAT / EGOTISTICAL GIRAFFE
12.3.1.6. ATLAS -- DNI geolocation and network information tool
12.3.1.7. DANAUS -- DNS discovery tool / reverse DNS
12.3.1.8. BLACKPEARL -- survey information tool
12.3.1.9. ERRONEOUS INGENUITY
12.3.1.10. TIDALSURGE -- DNI router configuration discovery
12.3.1.11. ATHENA -- port discovery probe tool
12.3.1.12. SNORT — Repository of computer network attack techniques/coding
12.3.1.13. TREASUREMAP -- Global Internet Mapping/Analysis tool
12.3.1.13.1. PACKAGED GOODS -- global internet exploitation tool / traces routes of information
12.3.1.14. EVILOLIVE -- IP Geolocation
12.3.1.15. HYPERION -- IP to IP communication survey tool
12.3.1.16. WIRESHARK — Repository of malicious network signatures
12.3.1.17. TRITON -- TOR node search tool
12.3.1.18. ISLANDTRANSPORT -- Enterprise Message Service processor
12.3.2. FOXACID
12.3.3. TOYGRIPPE -- VPN collection
12.3.3.1. FRIARTUCK
12.3.3.2. MASTERSHAKE -- VSAT Terminal emulator
12.3.4. TURBULENCE -- global "advanced forward defense" internet architecture built for NSA; employs the QUANTUM THEORY system, global distributed passive sensors to detect target traffic and tip a centralized command/control node (QFIRE).
12.3.4.1. TURMOIL -- High-speed passive collection systems intercept foreign target satellite, microwave, and cable communications as they transit the globe
12.3.4.1.1. TURBINE -- active SIGINT collection off of TURBULENCE architecture
12.3.4.2. TUTELAGE -- active CND off the TURBULENCE architecture
12.3.4.3. TUMULT -- Stage 0 server for TURBULENCE architecture
13. SIGDEV/TARGET APPROVAL/COMPLIANCE
13.1. PRODUCT LINE TOPIC OFFICE OF PRIMARY INTEREST offices
13.2. FISA Special Adjudication Office
13.3. S2I5 Compliance Staff
13.4. S343 Prioritizing and Approval of Targets
13.5. SV SIGINT Governance and Compliance Division
13.6. FBI
13.7. OGC
14. Sources: author’s reporting and research; Cryptome.org; Matthew Aid; Edward Snowden documents; Top Level Telecommunications website (http://electrospaces.blogspot.com); reporting in the Guardian, New York Times, Washington Post
15. M: Human Resources — Q: Security and Counterintelligence
15.1. Q2: Office of Military Personnel
15.2. Q3: Office of Civilian Personnel
15.3. QJ1: HR operations/global personnel SA
15.4. Q43: Information Policy Division
15.5. Q5: Office of Security
15.6. Q509: Security Policy Staff
15.7. Q51: Physical Security Division
15.8. Q52: Field Security Division
15.9. Q55: NSA CCAO
15.10. Q56: Security Awareness
15.11. Q57: Polygraph
15.12. Q7: Counterintelligence
15.13. Q123
16. Cross-functional units // co-located with SID S2 Production Lines
16.1. Integrated Broadcast Support Services Office — Provides SIGINT "RSS" feeds to customers
16.2. DEFSMAC: Defense Special Missile and Aerospace Center
16.3. Unified Cryptologic Architecture Office
16.3.1. Integration
16.3.2. Systems Engineering/Architecture Analyses and Issues
16.3.3. Architecture
16.3.4. Process
16.3.5. Planning and Financial Management
16.4. Plans and Exercise Office
16.4.1. NSA Continuity Programs Office
16.4.2. Military Exercise Office
16.4.3. Continuity Engineering Office
16.5. J2 Cryptologic Intelligence Unit (collects intelligence on worldwide cryptologic efforts).
17. Directorate for Education and Training
18. Directorate for Corporate Leadership
19. Foreign Affairs Directorate — Liaison with foreign intelligence services, counter-intelligence centers, UK/USA and FIVE EYES exchanges
19.1. Office of Export Control Policy
19.2. SUSLOs
19.3. UKUSA governing council
20. NSA Acquisitions and Procurement Directorate
20.1. Program Executive Office — Oversees acquisition of major NSA backbone projects like TRAILBLAZER, CMM, REBA, JOURNEYMAN, and ICEBERG
20.2. Advanced Analytical Laboratory
20.3. Corporate Assessments Offices
20.4. Rebuilding Analysis Program Office
20.5. Knowledge System Prototype Program Office
20.6. Maryland Procurement Office
20.6.1. Acquisitions Program Manager for Signals Intelligence
20.6.2. Acquisitions Program Manager for Research
20.7. Acquisition Logistics Integrated Product Team
21. Information Assurance Directorate
21.1. IC: Cyber Integration Division
21.2. IE: Engagement Division
21.2.1. Client Engagement and Community Outreach Group
21.2.2. Interagency Operations Security Support Staff (OPSEC)
21.3. I2: Trusted Engineering Solutions
21.3.1. I2N: Office of National and Nuclear Command Capabilities — Provides the launch codes for nuclear weapons
21.3.1.1. Electronic Key Support Central Management Facility — Provides over-the-air code keying for the entire national security establishment
21.3.2. Information Technology Infrastructure Services (ITIS) System Office
21.4. I3: Information Operations
21.4.1. Mission Integration Office
21.4.2. Technical Security Evaluations
21.4.3. Red Cell — Conducts surprise penetrations of U.S. government networks
21.4.4. Blue Cell — Conducts audits of U.S. government networks
21.4.5. HUNT: Advanced adversary network penetration cell — Monitors NSA networks 24/7 to detect advanced cyber penetrations
21.4.6. Joint Communications Security Monitoring Agency
21.5. I4: Fusion, Analysis, Mitigation
22. Research Directorate
22.1. R1: Math
22.2. R2: Trusted Systems
22.3. R3: LPS — Physical science lab
22.4. R4: LTS — Telecom science lab (high-speed networks, wireless communications, and quantum key distribution)
22.5. R05: Center for the Advanced Study of Language
22.6. R6: Computer and Information Science
22.7. RX: Special Access Programs/Compartmented Research
23. Signals Intelligence Directorate
23.1. S1: Enterprise Engagement and Mission Management
23.1.1. A&R Watch (K Watch Ops) 199
23.1.2. S11: Customer Gateway
23.1.3. S12: Information Sharing and Services Branch
23.1.3.1. Partnership Dissemination Cell
23.1.4. S124: Staff Services Division
23.1.5. NSA Commercial Solutions Center
23.1.6. S17 Strategic Intelligence Issues
23.1.7. S1E -- Electromagnetic Space Program Office
23.1.8. S1P Plans and Exercise Division
23.1.8.1. S1P1 -- SOCOM/NORTHCOM SIGINT planning
23.1.8.2. S1P2 - Combatant Commands SIGINT planning
23.2. S2: Analysis and Production Centers
23.2.1. FISA Special Adjudication Office — Provides 24/7 support to each product line shift to facilitate rapid FISA processing
23.2.2. NSA Product Lines
23.2.2.1. S2A: South Asia
23.2.2.1.1. S25A51 -- South Asian Language Analysis Branch
23.2.2.1.2. S25A52 -- South Asian Reporting Branch
23.2.2.1.3. S25A4 -- Pakistan
23.2.2.2. S2B: China and Korea
23.2.2.3. S2I: Counterterrorism Production Center
23.2.2.3.1. S2IX: Special Counterterrorism Operations // CT Special Projects
23.2.2.3.2. S2I42 -- Hezbollah Team
23.2.2.3.3. S2I5 Advanced Analysis Division (FISA analysis) program manager, deputy program manager, 5 shift supervisors, 125 analysts
23.2.2.3.4. S2I43 -- NOM Team
23.2.2.3.5. Counterterrorism Mission Aligned Cell (CT-MAC) -- sensitive counter-terrorism support to CIA
23.2.2.3.6. S2I4 Homeland Mission Center
23.2.2.3.7. Metadata Analysis Center
23.2.2.4. S2C: International Security
23.2.2.4.1. S2C42 -- Western Europe and Strategic Partnership Division
23.2.2.4.2. S2C41 Mexico Team
23.2.2.4.3. S2C32 European States Branch
23.2.2.5. S2D: Counter-foreign intelligence
23.2.2.6. S2E: Middle East/Asia
23.2.2.7. S2F: International Crime
23.2.2.8. S2G: Counterproliferation
23.2.2.9. S2H: Russia
23.2.2.10. S2T: Current Threats
23.2.2.10.1. S2T3: NSA/CSS Threat Operations Center
23.2.2.11. S2J: Weapons and Space
23.2.2.12. S203: Access Team for Operations Staff
23.2.3. K -- National Security Operations Center
23.2.3.1. National Security Operations Center — Main NSA intelligence watch facility
23.2.3.1.1. DECKPIN — NSA crisis cell activated during emergencies
23.2.3.1.2. Homeland Security Analysis Center
23.2.3.1.3. CMM — Cryptologic Management Mission program office
23.3. S3: Data Acquisition
23.3.1. S31: Cryptologic Exploitation Services
23.3.1.1. Signals and Surveys Analysis Division
23.3.1.1.1. Technical Exploitation Center
23.3.1.1.2. Project BULLRUN
23.3.1.2. S3132: Protocol, Exploitation, and Dissemination Cell — Shunts SIGINT by type to databases
23.3.1.3. S31174 Office of Target Pursuit
23.3.2. S32: Tailored Access Operations
23.3.2.1. Network Warfare Team — Liaison with military
23.3.2.2. S321: Remote Operations Center
23.3.2.2.1. Network Ops Center
23.3.2.2.2. Operational Readiness
23.3.2.2.3. Interactive Operations Division
23.3.2.2.4. POLARBREEZE
23.3.2.3. S322 Advanced Network Technologies
23.3.2.3.1. S3222: (software implants)
23.3.2.3.2. S32221: ?
23.3.2.3.3. S32222: (routers, servers, etc.)
23.3.2.3.4. S3223: (hardware implants)
23.3.2.3.5. S3224: ?
23.3.2.3.6. S32241: ?
23.3.2.3.7. S32242: (GSM cell)
23.3.2.3.8. S32243: (radar retro-refl.)
23.3.2.4. S323: Data Network Technologies (researches how to penetrate secure networks)
23.3.2.4.1. Production Operations Division
23.3.2.5. S324: Telecommunications Network Technologies — Develops technologies to penetrate telecom networks
23.3.2.6. S325: Mission Infrastructure Technologies — Operational computer network exploitation and enemy infrastructure vulnerability mapping
23.3.2.6.1. Transaction Branch
23.3.2.7. S327: Targeting and Requirements
23.3.2.8. S328: Access Technologies Operations (computer network attack) — Works with CIA's TMO
23.3.2.9. S32P. TAO Program Planning Integration
23.3.2.10. Access Operations Division — Works with CIA's Technology Management Office / information Operations Division to break into foreign / CI networks
23.3.2.10.1. TURMOIL -- NSA cover term for installation/maintenance and operation of filters, servers and splitters on servers of corporate partners w/ their permission for SIGINT and CNE operations. Each diversion device is called a QUANTUM
23.3.2.10.2. GENIE SIGADs - 3136 (domestic) / 3137 (foreign)
23.3.2.10.3. SSO Close Access Domestic Collection Systems on foreign targets SIGAD US-3136
23.3.3. S33: Link Access // Global Access Operations
23.3.3.1. S332: Terrestrial SIGINT
23.3.3.1.1. OCELOT (FORNSAT)
23.3.3.2. S333: Overhead SIGINT
23.3.3.2.1. Overhead Collection Management Center
23.3.3.2.2. SSPO
23.3.3.3. S33P ISR Portfolio Management Office
23.3.3.3.1. S33P2 Technology Integration Division
23.3.3.3.2. S33P3 Tactical SIGINT Technology Office
23.3.3.4. Community ELINT Management Office
23.3.3.5. VOXGLO -- major cyber and enterprising computing project
23.3.3.6. OCEANSURF Program Office — $450m systems engineering hub
23.3.4. S35 Special Source Operations
23.3.4.1. Cable programs
23.3.4.1.1. LITHIUM
23.3.4.1.2. MADCAPOCELOT - STORMBREW collection program using SIGAD 3140
23.3.4.1.3. DARKTHUNDER
23.3.4.1.4. WINDSTOP
23.3.4.1.5. OAKSTAR -- filtered high-volume collection off international cable transit nodes and foreign access points under FAA/Transit authority and EO12333. Divided by SIGAD and production source.
23.3.4.1.6. SERENADE
23.3.4.1.7. INCENSOR
23.3.4.2. SIGAD US-990 -- Overseas transit switch collection of international communications from FAIRVIEW partner
23.3.4.2.1. US-984T FISA collection from FAIRVIEW corporate access point
23.3.4.3. S352: PRINTAURA — NSA unit involved in data filtering; program office for TRAFFICTHIEF tool
23.3.4.4. Mission Support Hub
23.3.4.5. Large Area Access Working Group
23.3.4.6. S353 -- SIGAD US-984 Collection Programs
23.3.4.6.1. SIGAD US-984 BLARNEY (digital network intelligence / dial number recognition collection from FISA court order approved targets, like spies, agents of foreign powers / traffickers using data flowing through US circuits and nodes). Producer digraph for BLARNEY is AX
23.3.4.6.2. SIGAD US-984X -- FISA Amendments Act collection w/ various programs (including PRISM) on CT, CI, CP and CE targets. Selector must be certified and foreign.
23.3.4.6.3. STORMBREW
23.3.4.7. S3520 -- Office of Target Reconnaissance and Survey
23.3.5. S353 -- Portfolio Management Office
23.3.5.1. AIRSTEED Program Office — Cell phone tracking
23.3.5.1.1. Tactical Platforms Division
23.3.5.2. Crosshair Net Management Center/Crosshair Support Center — Direction finding
23.3.5.3. Radio Frequency Targeted Operations Office
23.3.5.3.1. RFTO Special Projects Office
23.3.6. S34: Collection Strategies and Requirements Center
23.3.6.1. S342: Collection Coordination and Strategies -- resource allocation and metrics
23.3.6.2. S343: Targeting and Mission Management — Approves targets for analysts/makes sure that SIGINT targeting matches intelligence requirements
23.3.6.3. S344: Partnership and Enterprise Management
23.4. SV -- Signals Intelligence Directorate Oversight and Compliance
23.4.1. SV4 FISA Compliance and Processing
23.5. SSG -- SIGDEV Strategy and Governance
23.5.1. SSG 1
23.5.2. SSO Optimization staff
24. F6: Special Collection Service HQ (Beltsville, MD) — STATEROOM -- Joint CIA/NSA field collection agency operating from embassies and other denied locations. Director reports to DIRNSA
25. SCI COMPARTMENTS
25.1. SI or COMINT -- top-level SCI compartment; denotes sensitive SIGINT, DNI and cyber sources and methods
25.1.1. ECI -- COMINT subcompartment, with further subcompartments, which protect NSA relationships with other government agencies and private companies as well as specific sources, cryptanalytic breakthroughs and capabilities
25.1.1.1. ECI-FGT --> SCS Product
25.1.1.2. ECI-AMB Ambulate
25.1.1.3. ECI-PIQ Picaresque
25.1.1.4. ECI compartments include PIEDMONT, PENDLETON, PITCHFORK, PAWLEYS, AUNTIE, PAINTEDEAGLE
25.2. VRK -- exceptionally sensitive sources of national and strategic importance
25.3. RAGTIME -- protects "product" gathered from FISA intercepts
25.4. RAMPART -- codeword for foreign leader SIGINT - RAM-A, RAM-X, RAM-T, RAM-M
25.5. PANGRAM
25.6. TSP -
26. T: Technical Directorate
26.1. TE: Enterprise Systems Engineering and Architecture
26.2. TS: Information Systems and Security
26.2.1. Public Key Infrastructure (PKI) Program Management Office (PMO)
26.3. TT: Independent Test and Evaluation
26.4. T1: Mission Capabilities
26.4.1. T132 — The "scissors" team: division that physically separates traffic by type once it's been ingested
26.4.2. Strategic SATCOM Security Engineering Office
26.4.3. T1221
26.5. T2: Business Capabilities
26.6. T3: Enterprise IT Services
26.6.1. T3221: Transport Field Services
26.6.2. T334: National Signals Processing Center
26.6.3. T335: Deployable Communications Operations
26.6.4. T332 Global Enterprise Command Center
26.7. T5: CARILLON — High performance computing center
26.8. T6: Technical SIGINT and Ground Capabilities
26.9. OTRS -- Office of Target Reconnaissance and Survey -- provides rapid technological solutions for tactical SIGINT problems
27. Large domestic operating field sites
27.1. Columbia, MD
27.2. Friendship Annex, Linthicum, MD
27.3. Finksburg, MD
27.4. Bowie, MD
27.5. College Park, MD
27.6. Ft. Belvoir, VA
27.7. Fairfax, VA
27.8. Washington, DC
27.9. Ft. Detrick (Site R)
27.10. Camp Williams, UT
27.11. NSA Georgia (Ft. Gordon)
27.12. NSA Texas (Lackland AFB, San Antonio)
27.13. Greenville, TX
27.14. NSA Denver (Aurora), co-located with CIA's National Resources Division
27.15. NSA Oak Ridge (Tennessee)
27.16. Yakima, WA JACKNIFE
27.17. Winter Harbor, ME
27.18. Formerly: Sugar Grove, WV, Rosman, NC TIMBERLINE
27.19. NSA Continuity of Government site
27.20. NSA CMOC -- Cheyenne Mountain
27.21. NSA Field Stations — Remote collection and analytical facilities
27.21.1. F74: Meade Operations Center — 24/7 SIGINT support to deployed military units
27.21.2. SORC/FP: Special Operations Readiness Cells (Focal Point) — Support to special operations forces as part of the Focal Point Special Access Program