This page is dedicated to information that C3PAOs need to know. It will be filled out over time.
Please send suggestions if you see good information on a C3PAO topic.
Official guidance related to C3PAOs
Big Rocks to prepare for as a C3PAO
$1000 to apply for C3PAO (non-refundable)
$ (unknown) to have a CMMC ML3 certified information system (before starting work)
$ (unknown) to obtain ISO 17020 certification within ~2 years.
The DoD is being extremely restrictive and careful about foreign influence of C3PAOs.
Your public websites need to not violate the Code of Professional Conduct. (false advertising, mostly)
Operate an information system that meets CMMC ML3 requirements
Mature assessment processes and get new CMMC assessors on the same page
Build a complaint resolution process
Mature back-office processes to oversee assessments and quality-assurance
Support your assessors as they travel and start/stop projects for many clients over time