So to start a C3PAO you need to identify a primary CCA. To become a CCA, you need to sit on 3 L2 CMMC engagements as a CCP.

In short, you can’t become a CCA without working for a C3PAO, and you can’t start a C3PAO without identifying a CCA. I’m starting a C3PAO and do not want to work for another one to fulfill these requirements due to potential noncompetes, etc.

I understand the requirement to ensure quality of work, etc. However, this is dumb because it’s a relative barrier to entry for new firms.

How can I work around this? CyberAB can’t give me any answers and the DIBCAC is not responding to my emails.