
@jason-callaway
Created November 22, 2016 16:26
Python program that creates GitHub issues with pre-fab titles
```python
import time
from github import Github

# We have pre-fab issues in my_issues.py that I generated from the spreadsheet.
# TODO: make this automatic
# my_issues.py defines a dict `i` mapping a control key to the control text.
from my_issues import *

'''
my_issues.py example:
i = {}
i[u'AT-1_N_00'] = u"SECURITY AWARENESS AND TRAINING POLICY AND PROCEDURES Control: The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A security awareness and training policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and "
i[u'AT-1_N_01'] = u"2. Procedures to facilitate the implementation of the security awareness and training policy and associated security awareness and training controls; and "
i[u'AT-1_N_02'] = u"b. Reviews and updates the current: 1. Security awareness and training policy [Assignment: organization-defined frequency]; and "
i[u'AT-1_N_03'] = u"2. Security awareness and training procedures [Assignment: organization-defined frequency]. "
i[u'AT-2_N_00'] = u"SECURITY AWARENESS TRAINING Control: The organization provides basic security awareness training to information system users (including managers, senior executives, and contractors): a. As part of initial training for new users; "
i[u'AT-2_N_01'] = u"b. When required by information system changes; and "
i[u'AT-2_N_02'] = u"c. [Assignment: organization-defined frequency] thereafter. "
i[u'AT-3_N_00'] = u"ROLE-BASED SECURITY TRAINING Control: The organization provides role-based security training to personnel with assigned security roles and responsibilities: a. Before authorizing access to the information system or performing assigned duties; "
i[u'AT-3_N_01'] = u"b. When required by information system changes; and "
i[u'AT-3_N_02'] = u"c. [Assignment: organization-defined frequency] thereafter. "
i[u'AT-4_N_00'] = u"SECURITY TRAINING RECORDS Control: The organization: a. Documents and monitors individual information system security training activities including basic security awareness training and specific information system security training; and "
i[u'AT-4_N_01'] = u"b. Retains individual training records for [Assignment: organization-defined time period]. "
i[u'AU-2_N_01'] = u"b. Coordinates the security audit function with other organizational entities requiring audit-related information to enhance mutual support and to help guide the selection of auditable events; "
i[u'AU-3(2)_N_00'] = u"CONTENT OF AUDIT RECORDS | CENTRALIZED MANAGEMENT OF PLANNED AUDIT RECORD CONTENT The information system provides centralized management and configuration of the content to be captured in audit records generated by [Assignment: organization-defined information system components]. "
i[u'AU-5_N_00'] = u"RESPONSE TO AUDIT PROCESSING FAILURES Control: The information system: a. Alerts [Assignment: organization-defined personnel or roles] in the event of an audit processing failure; and "
i[u'AU-5(2)_N_00'] = u"RESPONSE TO AUDIT PROCESSING FAILURES | REAL-TIME ALERTS The information system provides an alert in [Assignment: organization-defined real-time period] to [Assignment: organization-defined personnel, roles, and/or locations] when the following audit failure events occur: [Assignment: organization-defined audit failure events requiring real-time alerts]. "
i[u'AU-6_N_00'] = u"AUDIT REVIEW, ANALYSIS, AND REPORTING Control: The organization: a. Reviews and analyzes information system audit records [Assignment: organization-defined frequency] for indications of [Assignment: organization-defined inappropriate or unusual activity]; and "
i[u'AU-6_N_01'] = u"b. Reports findings to [Assignment: organization-defined personnel or roles]. "
i[u'AU-6(5)_N_00'] = u"AUDIT REVIEW, ANALYSIS, AND REPORTING | INTEGRATION / SCANNING AND MONITORING CAPABILITIES The organization integrates analysis of audit records with analysis of [Selection (one or more): vulnerability scanning information; performance data; information system monitoring information; [Assignment: organization-defined data/information collected from other sources]] to further enhance the ability to identify inappropriate or unusual activity. "
i[u'AU-6(6)_N_00'] = u"AUDIT REVIEW, ANALYSIS, AND REPORTING | CORRELATION WITH PHYSICAL MONITORING The organization correlates information from audit records with information obtained from monitoring physical access to further enhance the ability to identify suspicious, inappropriate, unusual, or malevolent activity. "
i[u'AU-7_N_00'] = u"AUDIT REDUCTION AND REPORT GENERATION Control: The information system provides an audit reduction and report generation capability that: a. Supports on-demand audit review, analysis, and reporting requirements and after-the-fact investigations of security incidents; and "
i[u'AU-7_N_01'] = u"b. Does not alter the original content or time ordering of audit records. "
i[u'AU-7(1)_N_00'] = u"AUDIT REDUCTION AND REPORT GENERATION | AUTOMATIC PROCESSING The information system provides the capability to process audit records for events of interest based on [Assignment: organization-defined audit fields within audit records]. "
i[u'AU-9_N_00'] = u"PROTECTION OF AUDIT INFORMATION Control: The information system protects audit information and audit tools from unauthorized access, modification, and deletion. "
i[u'AU-9(3)_N_00'] = u"PROTECTION OF AUDIT INFORMATION | CRYPTOGRAPHIC PROTECTION The information system implements cryptographic mechanisms to protect the integrity of audit information and audit tools. "
i[u'CA-7_N_00'] = u"CONTINUOUS MONITORING Control: The organization develops a continuous monitoring strategy and implements a continuous monitoring program that includes: a. Establishment of [Assignment: organization-defined metrics] to be monitored; "
i[u'CA-7_N_01'] = u"b. Establishment of [Assignment: organization-defined frequencies] for monitoring and [Assignment: organization-defined frequencies] for assessments supporting such monitoring; "
i[u'CA-7_N_02'] = u"c. Ongoing security control assessments in accordance with the organizational continuous monitoring strategy; "
i[u'CA-7_N_03'] = u"d. Ongoing security status monitoring of organization-defined metrics in accordance with the organizational continuous monitoring strategy; "
i[u'CA-7_N_04'] = u"e. Correlation and analysis of security-related information generated by assessments and monitoring; "
i[u'CA-7_N_05'] = u"f. Response actions to address results of the analysis of security-related information; and "
i[u'CA-7_N_06'] = u"g. Reporting the security status of organization and the information system to [Assignment: organization-defined personnel or roles] [Assignment: organization-defined frequency]. "
i[u'CA-7(1)_N_00'] = u"CONTINUOUS MONITORING | INDEPENDENT ASSESSMENT The organization employs assessors or assessment teams with [Assignment: organization-defined level of independence] to monitor the security controls in the information system on an ongoing basis. "
i[u'CA-9_N_00'] = u"INTERNAL SYSTEM CONNECTIONS Control: The organization: a. Authorizes internal connections of [Assignment: organization-defined information system components or classes of components] to the information system; and "
i[u'CA-9_N_01'] = u"b. Documents, for each internal connection, the interface characteristics, security requirements, and the nature of the information communicated. "
i[u'CM-1_N_00'] = u"CONFIGURATION MANAGEMENT POLICY AND PROCEDURES Control: The organization: a. Develops, documents, and disseminates to [Assignment: organization-defined personnel or roles]: 1. A configuration management policy that addresses purpose, scope, roles, responsibilities, management commitment, coordination among organizational entities, and compliance; and "
i[u'CM-1_N_01'] = u"2. Procedures to facilitate the implementation of the configuration management policy and associated configuration management controls; and "
i[u'CM-1_N_02'] = u"b. Reviews and updates the current: 1. Configuration management policy [Assignment: organization-defined frequency]; and "
i[u'CM-1_N_03'] = u"2. Configuration management procedures [Assignment: organization-defined frequency]. "
i[u'IA-2(1)_N_00'] = u"IDENTIFICATION AND AUTHENTICATION | NETWORK ACCESS TO PRIVILEGED ACCOUNTS The information system implements multifactor authentication for network access to privileged accounts. "
i[u'IA-2(3)_N_00'] = u"IDENTIFICATION AND AUTHENTICATION | LOCAL ACCESS TO PRIVILEGED ACCOUNTS The information system implements multifactor authentication for local access to privileged accounts. "
i[u'IA-5(1)_N_00'] = u"AUTHENTICATOR MANAGEMENT | PASSWORD-BASED AUTHENTICATION The information system, for password-based authentication: (a) Enforces minimum password complexity of [Assignment: organization-defined requirements for case sensitivity, number of characters, mix of upper-case letters, lower-case letters, numbers, and special characters, including minimum requirements for each type]; "
i[u'IA-5(1)_N_01'] = u"(b) Enforces at least the following number of changed characters when new passwords are created: [Assignment: organization-defined number]; "
i[u'IA-5(1)_N_02'] = u"(c) Stores and transmits only encrypted representations of passwords; "
i[u'IA-5(1)_N_03'] = u"(d) Enforces password minimum and maximum lifetime restrictions of [Assignment: organization-defined numbers for lifetime minimum, lifetime maximum]; "
i[u'IA-5(1)_N_04'] = u"(e) Prohibits password reuse for [Assignment: organization-defined number] generations; and "
i[u'IA-5(1)_N_05'] = u"(f) Allows the use of a temporary password for system logons with an immediate change to a permanent password. "
i[u'IA-5(2)_N_00'] = u"AUTHENTICATOR MANAGEMENT | PKI-BASED AUTHENTICATION The information system, for PKI-based authentication: (a) Validates certifications by constructing and verifying a certification path to an accepted trust anchor including checking certificate status information; "
i[u'IA-5(2)_N_01'] = u"(b) Enforces authorized access to the corresponding private key; "
i[u'IA-5(2)_N_02'] = u"(c) Maps the authenticated identity to the account of the individual or group; and "
i[u'IA-5(2)_N_03'] = u"(d) Implements a local cache of revocation data to support path discovery and validation in case of inability to access revocation information via the network. "
i[u'IA-6_N_00'] = u"AUTHENTICATOR FEEDBACK Control: The information system obscures feedback of authentication information during the authentication process to protect the information from possible exploitation/use by unauthorized individuals. "
i[u'IA-7_N_00'] = u"CRYPTOGRAPHIC MODULE AUTHENTICATION Control: The information system implements mechanisms for authentication to a cryptographic module that meet the requirements of applicable federal laws, Executive Orders, directives, policies, regulations, standards, and guidance for such authentication. "
i[u'IA-8_N_00'] = u"IDENTIFICATION AND AUTHENTICATION (NON-ORGANIZATIONAL USERS) Control: The information system uniquely identifies and authenticates non-organizational users (or processes acting on behalf of non-organizational users). "
i[u'IA-8(1)_N_00'] = u"IDENTIFICATION AND AUTHENTICATION | ACCEPTANCE OF PIV CREDENTIALS FROM OTHER AGENCIES The information system accepts and electronically verifies Personal Identity Verification (PIV) credentials from other federal agencies. "
i[u'SA-5_N_02'] = u"3. Known vulnerabilities regarding configuration and use of administrative (i.e., privileged) functions; "
i[u'SA-5_N_04'] = u"2. Methods for user interaction, which enables individuals to use the system, component, or service in a more secure manner; and "
i[u'SA-5_N_06'] = u"c. Documents attempts to obtain information system, system component, or information system service documentation when such documentation is either unavailable or nonexistent and [Assignment: organization-defined actions] in response; "
i[u'SA-16_N_00'] = u"DEVELOPER-PROVIDED TRAINING Control: The organization requires the developer of the information system, system component, or information system service to provide [Assignment: organization-defined training] on the correct use and operation of the implemented security functions, controls, and/or mechanisms. "
i[u'SA-17_N_00'] = u"DEVELOPER SECURITY ARCHITECTURE AND DESIGN Control: The organization requires the developer of the information system, system component, or information system service to produce a design specification and security architecture that: a. Is consistent with and supportive of the organization's security architecture which is established within and is an integrated part of the organization's enterprise architecture; "
i[u'SA-17_N_01'] = u"b. Accurately and completely describes the required security functionality, and the allocation of security controls among physical and logical components; and "
i[u'SA-17_N_02'] = u"c. Expresses how individual security functions, mechanisms, and services work together to provide required security capabilities and a unified approach to protection. "
i[u'SC-2_N_00'] = u"APPLICATION PARTITIONING Control: The information system separates user functionality (including user interface services) from information system management functionality. "
i[u'SC-3_N_00'] = u"SECURITY FUNCTION ISOLATION Control: The information system isolates security functions from nonsecurity functions. "
i[u'SC-4_N_00'] = u"INFORMATION IN SHARED RESOURCES Control: The information system prevents unauthorized and unintended information transfer via shared system resources. "
i[u'SC-5_N_00'] = u"DENIAL OF SERVICE PROTECTION Control: The information system protects against or limits the effects of the following types of denial of service attacks: [Assignment: organization-defined types of denial of service attacks or reference to source for such information] by employing [Assignment: organization-defined security safeguards]. "
i[u'SC-7_N_00'] = u"BOUNDARY PROTECTION Control: The information system: a. Monitors and controls communications at the external boundary of the system and at key internal boundaries within the system; "
i[u'SC-7_N_01'] = u"b. Implements subnetworks for publicly accessible system components that are [Selection: physically; logically] separated from internal organizational networks; and "
i[u'SC-7_N_02'] = u"c. Connects to external networks or information systems only through managed interfaces consisting of boundary protection devices arranged in accordance with an organizational security architecture. "
i[u'SC-7(18)_N_00'] = u"BOUNDARY PROTECTION | FAIL SECURE The information system fails securely in the event of an operational failure of a boundary protection device. "
i[u'SC-10_N_00'] = u"NETWORK DISCONNECT Control: The information system terminates the network connection associated with a communications session at the end of the session or after [Assignment: organization-defined time period] of inactivity. "
i[u'SC-15_N_01'] = u"b. Provides an explicit indication of use to users physically present at the devices. "
i[u'SC-24_N_00'] = u"FAIL IN KNOWN STATE Control: The information system fails to a [Assignment: organization-defined known-state] for [Assignment: organization-defined types of failures] preserving [Assignment: organization-defined system state information] in failure. "
'''

# Personal access token, don't push to GitHub
token = 'redacted'

# Unicode body for the issue
body_start = u'Need to address this control in the [Master SCTM](https://github.com/RedHatGov/openshift-compliance/blob/master/master_sctm.xlsx):\n\n'

# Create repo objects for the original and new repos
g = Github(token)
rj = g.get_user('jason-callaway').get_repo('openshift-compliance')
rr = g.get_user('RedHatGov').get_repo('openshift-compliance')

# Find the milestone in question in the original repo
rjm33 = None
for m in rj.get_milestones():
    if m.title == 'v1.0':
        rjm33 = m
        break

# Find the milestone in question in the new repo
rrm33 = None
for m in rr.get_milestones():
    if m.title == 'v3.3':
        rrm33 = m
        break

# Without both milestones the lookups below would fail with a NameError
# and every issue would be created without a milestone, so stop early.
if rjm33 is None or rrm33 is None:
    raise SystemExit('milestone not found in one of the repos')

# Build a list of issues in the original repo
issues = rj.get_issues(milestone=rjm33)
jissue_index = {}
for issue in issues:
    jissue_index[issue.title] = "exists"

# Build a list of issues in the new repo
issues = rr.get_issues(milestone=rrm33)
rissue_index = {}
for issue in issues:
    rissue_index[issue.title] = "exists"

# Make the issues based on the pre-fab titles
for key in sorted(i.keys()):
    title = u"Need to address " + key
    if rissue_index.get(title):
        # If the issue already exists in the new repo, skip
        continue
    else:
        print(title)
        body = body_start + i[key]
        issue = rr.create_issue(title, body=body, milestone=rrm33)
        # The GitHub API doesn't like it if you create these too quickly,
        # so chill out for 3 seconds.
        time.sleep(3)

# TODO: add a step to reclaim any issues we're missing
```
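The gist's loop sorts control keys with plain `sorted()`, which orders `SC-10` before `SC-2`, and its skip-if-exists check is what makes re-runs safe. The following is an added example, not code from the gist, that makes both points testable offline: it parses the `FAMILY-NUM[(ENH)]_N_PART` key format used in `my_issues.py`, sorts in natural control order, and builds the idempotent creation plan against a list of existing titles; `SAMPLE_PREFAB` holds abbreviated control text constructed for the example, and the SCTM link is a placeholder.

```python
import re
from typing import Callable, Dict, Iterable, List, Tuple

# Key format used by the gist's my_issues.py: FAMILY-NUM[(ENH)]_N_PART
KEY_RE = re.compile(r'^([A-Z]{2})-(\d+)(?:\((\d+)\))?_N_(\d+)$')

TITLE_PREFIX = 'Need to address '
# Same role as body_start in the gist; the link target is a placeholder.
BODY_START = 'Need to address this control in the [Master SCTM](<SCTM_URL_PLACEHOLDER>):\n\n'

# Constructed sample in the my_issues.py format (control text abbreviated).
SAMPLE_PREFAB: Dict[str, str] = {
    'SC-7_N_00': 'BOUNDARY PROTECTION Control: The information system: a. Monitors ...',
    'SC-7(18)_N_00': 'BOUNDARY PROTECTION | FAIL SECURE The information system fails securely ...',
    'SC-10_N_00': 'NETWORK DISCONNECT Control: The information system terminates ...',
    'SC-15_N_01': 'b. Provides an explicit indication of use to users physically present ...',
    'SC-24_N_00': 'FAIL IN KNOWN STATE Control: The information system fails to a ...',
    'SC-2_N_00': 'APPLICATION PARTITIONING Control: The information system separates ...',
}


def control_sort_key(key: str) -> Tuple[str, int, int, int]:
    """Natural order: SC-2 < SC-7 < SC-7(18) < SC-10 (plain sorted() puts SC-10 first)."""
    m = KEY_RE.match(key)
    if not m:
        raise ValueError('unrecognised control key: %r' % key)
    family, num, enh, part = m.groups()
    return (family, int(num), int(enh or 0), int(part))


def plan_issues(prefab: Dict[str, str], existing_titles: Iterable[str]) -> List[Tuple[str, str]]:
    """Return (title, body) pairs for controls with no issue yet, in natural order.

    Titles already present are skipped, so running the plan twice creates nothing new."""
    existing = set(existing_titles)
    plan = []
    for key in sorted(prefab, key=control_sort_key):
        title = TITLE_PREFIX + key
        if title in existing:
            continue
        plan.append((title, BODY_START + prefab[key]))
    return plan


def run_plan(plan: List[Tuple[str, str]], create_issue: Callable[[str, str], object],
             pause: Callable[[float], None], delay: float = 3.0) -> int:
    """Create issues one at a time, pausing after each call as the gist does to
    avoid creating issues faster than the API accepts. Returns the number created."""
    created = 0
    for title, body in plan:
        create_issue(title, body)   # e.g. lambda t, b: repo.create_issue(t, body=b, milestone=m)
        created += 1
        pause(delay)                # e.g. time.sleep
    return created
```

Pass `time.sleep` and a PyGithub `repo.create_issue` wrapper as `pause` and `create_issue` for a live run; pass recording stubs for a dry run.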