Consistent UUIDs

[nkeller08]

Research and document in Architectural Decision Records (ADRs) ways of conserving UUIDs (root UUID and elements' UUIDs) unless there is a language change in the data.

[nkeller08]

We also need to make sure that the UUID for the tag is consistent. IE: NIST should always have the same UUID.

[selenaxiao-nist]

A potential solution: https://docs.oracle.com/javase/8/docs/api/java/util/UUID.html
nameUUIDFromBytes(byte[] name) - retrieve a type 3 (name based) UUID based on the specified byte array
Currently, the code uses randomUUID() - retrieve a type 4 (pseudo randomly generated) UUID

[iMichaela]

A potential solution: https://docs.oracle.com/javase/8/docs/api/java/util/UUID.html nameUUIDFromBytes(byte[] name) - retrieve a type 3 (name based) UUID based on the specified byte array Currently, the code uses randomUUID() - retrieve a type 4 (pseudo randomly generated) UUID

OSCAL needs UUID v4. The issue raised was the information update. For example, if the CSF is regenerated for some updates, the ONLY UUIDs that should change are the ones where data was changed. The cyberESY tool was always regenerating all UUIDs, where ever they are used. This mechanism is used to trigger re-assessments, so, when abused, will crate new work for the users.