FedRamp Vulnerability Remediation

I would appreciate othersopinions on this. So the current situation is, our SaaS application has been deployed to a FedRAMP High certified cloud environment that is hosted and managed by another provider. Our company usually hosts in our own environment outside of FedRAMP, however this was seen as the most efficient way to have our product FedRAMP High certified, still needing to carry out some changes to both process and product but not go the full way.<