{
   "$schema":"https://json-schema.org/draft/2020-12/schema",
   "$id":"https://fedramp.gov/schemas/fedramp-advisor-information-schema-v2026.06.06.01.json",
   "$schemaVersion":"0.0.1",
   "type":"object",
   "title":"FedRAMP Advisor Information (MKT-CAS-WEB)",
   "description":"Public information an Advisory Service must supply in machine-readable format on their website per MKT-CAS-WEB.",
   "required":[
      "serviceDescription",
      "contactInformation",
      "servicesOffered"
   ],
   "properties":{
      "serviceDescription":{
         "type":"string",
         "title":"Service Description",
         "description":"38North Security provides FedRAMP advisory, engineering, certification readiness, and ongoing compliance support for cloud service providers pursuing, maintaining, or transitioning their FedRAMP strategy. Our services support FedRAMP Rev. 5, Sponsorless Rev. 5, and FedRAMP 20x pathways and include strategy and readiness assessments, system scoping, security architecture and engineering, documentation and assessment preparation, continuous monitoring, continuous validation, evidence automation, and ongoing compliance operations."
      },
      "contactInformation":{
         "type":"array",
         "title":"Contact Information",
         "description":"info@38northsecurity.com",
         "items":{
            "type":"string"
         },
         "minItems":1
      },
      "servicesOffered":{
         "type":"array",
         "title":"Services Offered",
         "description":"Types of consulting or advisory services offered (MKT-CAS-WEB).",
         "items":{
            "$ref":"#/$defs/serviceOffering"
         },
         "minItems":1
      }
   },
   "$defs":{
      "serviceOffering":{
         "type":"object",
         "title":"Service Offering",
         "required":[
            "serviceName"
         ],
         "properties":{
            "serviceName":{
               "type":"string",
               "title":"Service Name",
               "description":"Strategy & Readiness"
            },
            "serviceDescription":{
               "type":"string",
               "title":"Service Description",
               "description":"38North helps cloud service providers determine the FedRAMP pathway, system scope, and technical approach that best align with their business objectives, federal market goals, architecture, and current security maturity. Services include FedRAMP readiness assessments, Rev. 5 and 20x suitability evaluations, system boundary definition and scoping, architecture and deployment reviews, gap analysis and remediation planning, certification strategy development, sponsorship and Marketplace planning, and cost, effort, and timeline estimation."
            },
            "serviceName":{
               "type":"string",
               "title":"Service Name",
               "description":"Security Engineering & Certification Support"
            },
            "serviceDescription":{
               "type":"string",
               "title":"Service Description",
               "description":"38North provides the architecture, engineering, documentation, and assessment support required to prepare cloud systems for FedRAMP certification. Services include security architecture reviews, secure-by-design cloud implementation, Infrastructure-as-Code development, identity and access management, logging, monitoring and detection engineering, security control implementation, automated evidence collection and reporting, security package development, 3PAO assessment readiness and support, POA&M remediation, agency and stakeholder coordination, and LaunchPad deployment and customization."
            },
            "serviceName":{
               "type":"string",
               "title":"Service Name",
               "description":"Continuous Validation & Compliance Operations"
            },
            "serviceDescription":{
               "type":"string",
               "title":"Service Description",
               "description":"38North helps cloud service providers maintain their FedRAMP posture through scalable monitoring, validation, remediation, reporting, and compliance program operations. Services include continuous monitoring support, vulnerability management and remediation coordination, POA&M management, significant change support, continuous validation preparation, automated evidence pipelines, GRC platform integration, executive reporting and dashboards, and ongoing compliance program management."
            },
            "serviceName":{
               "type":"string",
               "title":"Service Name",
               "description":"FedRAMP 20x Specialized Services"
            },
            "serviceDescription":{
               "type":"string",
               "title":"Service Description",
               "description":"38North provides specialized FedRAMP 20x advisory and engineering support focused on continuous validation, automation, and continuous assurance. Services include FedRAMP 20x discovery and readiness reviews, Minimum Assessment Scope alignment assessments, Class A readiness support, system uplift planning, Key Security Indicator automation, evidence pipeline development, JSON evidence generation, Trust Center and GRC integrations, validation support, and continuous assurance enablement."
            }
         }
      }
   }
}