In the COSMOS 5.20.0 release, we introduced Critical Commanding to COSMOS Enterprise Edition. Critical commanding is a special mode that is enabled scope wide to force either HAZARDOUS or RESTRICTED commands to be authenticated by another user. It is enabled in the Scopes tab of the Administrator Console.

Critical commanding has 2 separate modes: NORMAL and ALL. NORMAL means all HAZARDOUS and RESTRICTED commands require approval before being executed (including in Script Runner). ALL means every manual command sent from Command Sender also requires approval.

When a HAZARDOUS command is sent in Command Sender the center Date / Time display is overlaid with the Critical Cmd Pending notification. In this case the Admin user tried to send a critical command.

Clicking View brings up a dialog where you can authenticate as another user who has the approval role in Keycloak. We have setup a new default user in Keycloak called Approver who has approval authority. If you try to approve a command without the approver role such as the operator user you get an error.

Once we authenticate as the Approver the dialog disappears and the Critical Cmd Pending overlay is removed. The same effect happens in Script Runner when executing HAZARDOUS commands.

Critical Commanding is another example of Enterprise features added to support our participation in the U.S. Space Force SSC Future Operationally Resilient Ground Evolution Command and Control (FORGE C2) program. This feature allows operations facilities to lock down commanding by requiring separate user authentication for safety and security.