CRML

CRML

WebsiteFreeAI Code AssistantAI Code Generator
CRML is an open, declarative, implementation-agnostic language for expressing cyber risk models that enables organizations to standardize, validate and automate their risk assessment processes through code.
Visiter le site web
Promouvoir cet outil
https://github.com/Faux16/crml?ref=producthunt
CRML

Informations sur le produit

Mis à jour:Feb 10, 2026

Qu'est-ce que CRML

CRML (Cyber Risk Modeling Language) is a specialized language designed to address the challenges in cyber security risk management. It provides a YAML/JSON format for describing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements without forcing users into specific quantification methods, simulation engines, or security-control frameworks. Developed and maintained by Zeron Research Labs and CyberSec Consulting LLC, CRML enables 'Risk as Code' (RaC), where risk and compliance assumptions become versioned, reviewable artifacts that can be validated and executed consistently across teams and tools.

Caractéristiques principales de CRML

CRML (Cyber Risk Modeling Language) is an open-source, declarative language designed for expressing and standardizing cyber risk models. It provides a YAML/JSON format for describing risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements without being tied to specific quantification methods or security frameworks. The language enables Risk as Code (RaC), making risk and compliance assumptions versioned, reviewable artifacts that can be consistently validated and executed across different teams and tools.
Control Effectiveness Modeling: Allows quantification of how security controls reduce risk, including defense-in-depth scenarios and effectiveness parameters
Framework Agnostic Integration: Supports multiple security frameworks (ATT&CK, CIS, NIST, ISO, SCF) with flexible mapping capabilities and version control
Multi-Currency Support: Enables modeling across different currencies with automatic conversion functionality
Validation and Reproducibility: Provides strict JSON Schema validation and ensures models are reproducible across different tools and teams

Cas d'utilisation de CRML

Security Investment Analysis: Compare and justify security spending by modeling risk scenarios with and without specific security controls or investments
Regulatory Compliance: Create audit-ready documentation and evidence of risk calculations for regulatory requirements and compliance reporting
Enterprise Risk Management: Standardize risk assessment across different business units and integrate cyber risk with enterprise risk planning
Insurance and Financial Planning: Model potential cyber risks and their financial impacts for insurance coverage decisions and financial planning

Avantages

Implementation-agnostic design allows flexibility in choosing simulation engines
Human-readable YAML format makes it easy to review and audit
Standardized approach enables consistent risk modeling across organization

Inconvénients

Project is still under heavy development and may change without notice
Requires technical expertise to implement and maintain
Limited to organizations with mature risk management practices

Comment utiliser CRML

Install CRML packages: Install either the full CLI package with 'pip install crml-engine' or just the language library with 'pip install crml-lang'. For SCF support, use 'pip install "crml-lang[scf]"'
Create CRML YAML model file: Create a YAML file defining your cyber risk model with required fields like crml_scenario version, meta information, and scenario details including frequency and severity parameters
Validate CRML file: Use the CLI command 'crml-lang validate <your-file.yaml>' or Python code 'from crml_lang import validate; report = validate("your-file.yaml", source_kind="path")' to validate your YAML model
Run simulation: Execute simulation using CLI with 'crml simulate <your-file.yaml> --runs 10000' or Python code 'from crml_engine.runtime import run_simulation; result = run_simulation("your-file.yaml", n_runs=10000)'
Use CRML Studio (optional): For visual interface: 1) Install with 'pip install crml-engine', 2) Navigate to web/ directory, 3) Run 'npm install', 4) Start with 'npm run dev', 5) Open http://localhost:3000
Import external frameworks (optional): Import security frameworks like SCF using CLI command 'crml-lang scf-import-catalog path/to/SCF_file.xlsx output-catalog.yaml'
Review and iterate: Check simulation results, validate outputs, and refine model parameters as needed. Use version control to track changes to your CRML files

FAQ de CRML

CRML (Cyber Risk Modeling Language) is an open, declarative, engine-agnostic language for expressing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements. It provides a YAML/JSON format for describing cyber risk models without forcing specific quantification methods or security frameworks.

Derniers outils d'IA similaires à CRML

Gait
Gait
FreemiumAI Code AssistantAI Team Collaboration
Gait est un outil de collaboration qui intègre la génération de code assistée par l'IA avec le contrôle de version, permettant aux équipes de suivre, comprendre et partager efficacement le contexte du code généré par l'IA.
invoices.dev
invoices.dev
PaidAI Code AssistantAI Developer Tools
invoices.dev est une plateforme de facturation automatisée qui génère des factures directement à partir des commits Git des développeurs, avec des capacités d'intégration pour GitHub, Slack, Linear et les services Google.
EasyRFP
EasyRFP
Contact for PricingAI Code AssistantAI Data Mining
EasyRFP est un outil de calcul en périphérie alimenté par l'IA qui rationalise les réponses aux RFP (demande de proposition) et permet le phénotypage des champs en temps réel grâce à la technologie d'apprentissage profond.
Cart.ai
Cart.ai
Contact for PricingAI Code AssistantAI Task Management
Cart.ai is an AI-powered service platform that provides comprehensive business automation solutions including coding, customer relations management, video editing, e-commerce setup, and custom AI development with 24/7 support.

Outils d'IA populaires comme CRML

GitHub Copilot Chat
GitHub Copilot Chat
PaidAI Code AssistantAI Code GeneratorAI Developer Tools
GitHub Copilot Chat est un assistant de codage alimenté par l'IA qui fournit des interactions en langage naturel, des suggestions de code en temps réel et un soutien contextuel directement dans les IDE pris en charge et sur GitHub.com.
CopilotForXcode
CopilotForXcode
FreemiumAI Code AssistantAI Code GeneratorAI Code Refactoring
CopilotForXcode est une extension d'Éditeur de Source Xcode qui intègre GitHub Copilot, Codeium et ChatGPT pour fournir des suggestions de code alimentées par l'IA, une assistance par chat et une fonctionnalité de prompt-à-code au sein de Xcode.
BrowserAI
BrowserAI
FreeAI Browsers BuilderAI Code Assistant
BrowserAI est une bibliothèque open source qui permet d'exécuter des grands modèles de langage (LLM) locaux directement dans les navigateurs Web avec l'accélération WebGPU, offrant des capacités d'IA axées sur la confidentialité sans nécessiter d'infrastructure de serveur.
OpenAI Codex CLI
OpenAI Codex CLI
FreeAI Code AssistantAI Code Generator
OpenAI Codex CLI est un agent de codage open source léger qui s'exécute dans votre terminal, permettant aux développeurs de traduire le langage naturel en exécution de code tout en fournissant un raisonnement de niveau ChatGPT avec la possibilité d'exécuter du code, de manipuler des fichiers et d'itérer sous contrôle de version.