MCP.so
Sign In

Overview

What is Crml Code?

Crml Code is an open, declarative, engine-agnostic language for describing cyber risk models as code (Risk as Code). It provides a YAML/JSON format for scenarios, portfolios, telemetry mappings, simulation pipelines, and output requirements. It is maintained by Zeron Research Labs and CyberSec Consulting LLC and intended for security, risk, and compliance professionals.

How to use Crml Code?

Install via pip (pip install crml-engine for CLI, or crml-lang for language library). Use the CLI: crml-lang validate <file> and crml simulate <file> --runs 10000. Alternatively, use the Python API from crml_lang and crml_engine packages. A web UI (CRML Studio) is available in the web/ directory and started with npm run dev.

Key features of Crml Code

  • Control effectiveness modeling (including defense-in-depth)
  • Median‑based parameterization for lognormal distributions
  • Multi‑currency support with automatic conversion
  • Auto‑calibration of distributions from loss data
  • Strict JSON Schema validation before simulation
  • Implementation‑agnostic (works with any compliant engine)
  • Human‑readable YAML for easy review and audit

Use cases of Crml Code

  • Version‑controlling cyber risk models in Git for peer review
  • Consistently quantifying risk across business units and tools
  • Producing repeatable, audit‑ready evidence of risk calculations
  • Exchanging models with partners, insurers, or regulators without spreadsheets

FAQ from Crml Code

What runtime dependencies does Crml Code require?

Python 3.9+ and the packages crml-lang and/or crml-engine. Optionally, add SCF support with crml-lang[scf].

Where do my risk models live?

All models are stored as local YAML files (e.g., in risk/models/). The server does not host or store data centrally.

Is Crml Code tied to a specific quantification engine?

No, it is engine‑agnostic. Any compliant simulation engine can consume the same CRML documents.

How does validation work?

Models are validated against JSON Schema via the crml-lang validate command or the validate() function in Python. Errors are reported before simulation.

What transport or authentication does the server use?

The server is a set of CLI tools and a web UI (CRML Studio). No authentication or remote transport is described; all operations are local.

More from Developer Tools