CRML
CRML is an open, declarative, implementation-agnostic language for expressing cyber risk models that enables organizations to standardize, validate and automate their risk assessment processes through code.
https://github.com/Faux16/crml?ref=producthunt
Product Information
Updated:Feb 10, 2026
What is CRML
CRML (Cyber Risk Modeling Language) is a specialized language designed to address the challenges in cyber security risk management. It provides a YAML/JSON format for describing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements without forcing users into specific quantification methods, simulation engines, or security-control frameworks. Developed and maintained by Zeron Research Labs and CyberSec Consulting LLC, CRML enables 'Risk as Code' (RaC), where risk and compliance assumptions become versioned, reviewable artifacts that can be validated and executed consistently across teams and tools.
Key Features of CRML
CRML (Cyber Risk Modeling Language) is an open-source, declarative language designed for expressing and standardizing cyber risk models. It provides a YAML/JSON format for describing risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements without being tied to specific quantification methods or security frameworks. The language enables Risk as Code (RaC), making risk and compliance assumptions versioned, reviewable artifacts that can be consistently validated and executed across different teams and tools.
Control Effectiveness Modeling: Allows quantification of how security controls reduce risk, including defense-in-depth scenarios and effectiveness parameters
Framework Agnostic Integration: Supports multiple security frameworks (ATT&CK, CIS, NIST, ISO, SCF) with flexible mapping capabilities and version control
Multi-Currency Support: Enables modeling across different currencies with automatic conversion functionality
Validation and Reproducibility: Provides strict JSON Schema validation and ensures models are reproducible across different tools and teams
Use Cases of CRML
Security Investment Analysis: Compare and justify security spending by modeling risk scenarios with and without specific security controls or investments
Regulatory Compliance: Create audit-ready documentation and evidence of risk calculations for regulatory requirements and compliance reporting
Enterprise Risk Management: Standardize risk assessment across different business units and integrate cyber risk with enterprise risk planning
Insurance and Financial Planning: Model potential cyber risks and their financial impacts for insurance coverage decisions and financial planning
Pros
Implementation-agnostic design allows flexibility in choosing simulation engines
Human-readable YAML format makes it easy to review and audit
Standardized approach enables consistent risk modeling across organization
Cons
Project is still under heavy development and may change without notice
Requires technical expertise to implement and maintain
Limited to organizations with mature risk management practices
How to Use CRML
Install CRML packages: Install either the full CLI package with 'pip install crml-engine' or just the language library with 'pip install crml-lang'. For SCF support, use 'pip install "crml-lang[scf]"'
Create CRML YAML model file: Create a YAML file defining your cyber risk model with required fields like crml_scenario version, meta information, and scenario details including frequency and severity parameters
Validate CRML file: Use the CLI command 'crml-lang validate <your-file.yaml>' or Python code 'from crml_lang import validate; report = validate("your-file.yaml", source_kind="path")' to validate your YAML model
Run simulation: Execute simulation using CLI with 'crml simulate <your-file.yaml> --runs 10000' or Python code 'from crml_engine.runtime import run_simulation; result = run_simulation("your-file.yaml", n_runs=10000)'
Use CRML Studio (optional): For visual interface: 1) Install with 'pip install crml-engine', 2) Navigate to web/ directory, 3) Run 'npm install', 4) Start with 'npm run dev', 5) Open http://localhost:3000
Import external frameworks (optional): Import security frameworks like SCF using CLI command 'crml-lang scf-import-catalog path/to/SCF_file.xlsx output-catalog.yaml'
Review and iterate: Check simulation results, validate outputs, and refine model parameters as needed. Use version control to track changes to your CRML files
CRML FAQs
CRML (Cyber Risk Modeling Language) is an open, declarative, engine-agnostic language for expressing cyber risk models, telemetry mappings, simulation pipelines, dependencies, and output requirements. It provides a YAML/JSON format for describing cyber risk models without forcing specific quantification methods or security frameworks.
Popular Articles
Moltbook AI: 2026's First Pure AI Agent Social Network
Feb 5, 2026
ThumbnailCreator: The AI Tool That Solves Your YouTube Thumbnail Stress (2026)
Jan 16, 2026
How to Use ChatGPT Plus for Free (2026 Update)
Jan 14, 2026
AI Smart Glasses 2026: A Software-First Perspective on the Wearable AI Market
Jan 7, 2026
Latest AI Tools Similar to CRML
Gait
Gait is a collaboration tool that integrates AI-assisted code generation with version control, enabling teams to track, understand, and share AI-generated code context efficiently.
invoices.dev
invoices.dev is an automated invoicing platform that generates invoices directly from developers' Git commits, with integration capabilities for GitHub, Slack, Linear, and Google services.
EasyRFP
EasyRFP is an AI-powered edge computing toolkit that streamlines RFP (Request for Proposal) responses and enables real-time field phenotyping through deep learning technology.
Cart.ai
Cart.ai is an AI-powered service platform that provides comprehensive business automation solutions including coding, customer relations management, video editing, e-commerce setup, and custom AI development with 24/7 support.
Popular AI Tools Like CRML
GitHub Copilot Chat
GitHub Copilot Chat is an AI-powered coding assistant that provides natural language interactions, real-time code suggestions, and contextual support directly within supported IDEs and GitHub.com.
CopilotForXcode
CopilotForXcode is an Xcode Source Editor Extension that integrates GitHub Copilot, Codeium, and ChatGPT to provide AI-powered code suggestions, chat assistance, and prompt-to-code functionality within Xcode.
BrowserAI
BrowserAI is an open-source library that enables running local Large Language Models (LLMs) directly in web browsers with WebGPU acceleration, offering privacy-focused AI capabilities without requiring server infrastructure.
OpenAI Codex CLI
OpenAI Codex CLI is a lightweight, open-source coding agent that runs in your terminal, enabling developers to translate natural language into code execution while providing ChatGPT-level reasoning with the ability to run code, manipulate files, and iterate under version control.