FedRAMP services, even FedRAMP High services, aren't authorized to host classified material. My understanding is that those agreements are still largely negotiated directly between the intelligence / defense services and the big providers, such as the Joint Warfighting Cloud Capability contract. FedRAMP is a program for vetting SaaS services for use by government agencies broadly. FedRAMP Moderate and High certified services are qualified to host Controlled Unclassified Information, which might be sensitive and held by either the government or private companies like defense contractors, but I wouldn't call them state secrets per se

This is a false dichotomy. There's a massive grand canyon sized gulf between "unvetted technology" and whatever the hell SAP/Oracle/Tyler-Technologies are.

FedRAMP can’t have classified data.

This is for a lot of very benign government tools that that are expensive, stodgy, with very little competition.