The bottom line is who the consumers of your certificates are. If all consumers are entities for which you can (securely) install the certificate of your CA in their list of trusted authorities, then you can use your own CA, otherwise, you need your certificates to be signed by an authority in the standard list(s) so that any client installing one knows it’s trustworthy.
Note that you can create a trusted authority. That is, your own CA but it’s certificate (and thus all others signed by it, indirectly) are trusted. This is a good comprimise if you are dealing with external entities but still want complete control of the cerificates you’re using.
Finally note that the most important thing about running your own CA is keeping it secure. If the machine or CA service is comprimised in any way you have to start over.